Automatic signature generation for polymorphic worms by combination of token extraction and sequence alignment approaches

Abstract: As modern worms spread quickly; any countermeasure based on human reaction is barely fast enough to thwart the threat. Moreover, because polymorphic worms could generate mutated instances, they are more complex than non-mutating ones. Currently, the content-based signature generation of polymorphic worms is a challenge for network security. Several signature classes have been proposed for polymorphic worms. Although previously proposed schemes consider patterns such as I-byte invariants and distance restrictio… Show more

“…Mondal et al [6] declared an automatic method that will generate signatures for the detection of polymorphic worms, and they applied Principal Component Analysis (PCA) for determining the critical substrings that appear mostly and are pooled amongst the instances of polymorphic worms for using them as signatures. Eskandari et al [7] proposed a signature generation scheme based on token extraction and multiple sequence alignment. However, these methods are usually based on the features manually presented, and then design an algorithm to detect worms.…”

A Worm Detection System Based on Deep Learning

“…Mondal et al [6] declared an automatic method that will generate signatures for the detection of polymorphic worms, and they applied Principal Component Analysis (PCA) for determining the critical substrings that appear mostly and are pooled amongst the instances of polymorphic worms for using them as signatures. Eskandari et al [7] proposed a signature generation scheme based on token extraction and multiple sequence alignment. However, these methods are usually based on the features manually presented, and then design an algorithm to detect worms.…”

A Worm Detection System Based on Deep Learning

ERES: an extended regular expression signature for polymorphic worm detection

An Attack Signatures Generation Sequence Alignment Algorithm Based on Production Rules