Sciweavers

RAID
2005
Springer

Polymorphic Worm Detection Using Structural Information of Executables

Abstract. Network worms are malicious programs that spread automatically across networks by exploiting vulnerabilities that affect a large number of hosts. Because of the speed at which worms spread to large computer populations, countermeasures based on human reaction time are not feasible. Therefore, recent research has focused on devising new techniques to detect and contain network worms without the need of human supervision. In particular, a number of approaches have been proposed to automatically derive signatures to detect network worms by analyzing a number of worm-related network streams. Most of these techniques, however, assume that the worm code does not change during the infection process. Unfortunately, worms can be polymorphic. That is, they can mutate as they spread across the network. To detect these types of worms, it is necessary to devise new techniques that are able to identify similarities between different mutations of a worm. This paper presents a novel techni...
Added: 28 Jun 2010
Updated: 28 Jun 2010
Type: Conference
Year: 2005
Where: RAID
Authors: Christopher Krügel, Engin Kirda, Darren Mutz, William K. Robertson, Giovanni Vigna