Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
RAID
2005
Springer
2005
Springer
Polymorphic Worm Detection Using Structural Information of Executables
Abstract. Network worms are malicious programs that spread automatically across networks by exploiting vulnerabilities that affect a large number of hosts. Because of the speed at which worms spread to large computer populations, countermeasures based on human reaction time are not feasible. Therefore, recent research has focused on devising new techniques to detect and contain network worms without the need of human supervision. In particular, a number of approaches have been proposed to automatically derive signatures to detect network worms by analyzing a number of worm-related network streams. Most of these techniques, however, assume that the worm code does not change during the infection process. Unfortunately, worms can be polymorphic. That is, they can mutate as they spread across the network. To detect these types of worms, it is necessary to devise new techniques that are able to identify similarities between different mutations of a worm. This paper presents a novel techni...
Real-time TrafficRelated Content
| Added | 28 Jun 2010 |
| Updated | 28 Jun 2010 |
| Type | Conference |
| Year | 2005 |
| Where | RAID |
| Authors | Christopher Krügel, Engin Kirda, Darren Mutz, William K. Robertson, Giovanni Vigna |
Comments (0)
Researcher Info
|
