Please use this identifier to cite or link to this item: http://hdl.handle.net/10397/9702
Title: Using a bioinformatics approach to generate accurate exploit-based signatures for polymorphic worms
Authors: Tang, Y; Xiao, B; Lu, X
Keywords: Distance restriction; Exploit-based signature generation; One-byte invariant; Polymorphic worms; Sequence alignment; Simplified regular expression
Issue Date: 2009
Publisher: Elsevier Advanced Technology
Source: Computers and security, 2009, v. 28, no. 8, p. 827-842
Journal: Computers and Security 
Abstract: In this paper, we propose the Simplified Regular Expression (SRE) signature, which uses multiple sequence alignment techniques, drawn from bioinformatics, in a novel approach to generating more accurate exploit-based signatures. We also provide formal definitions of what is "a more specific" and what is "the most specific" signature for a polymorphic worm and show that the most specific exploit-based signature generation is NP-hard. The approach involves three steps: multiple sequence alignment to reward consecutive substring extractions, noise elimination to remove noise effects, and signature transformation to make the SRE signature compatible with current IDSs. Experiments on a range of polymorphic worms and real-world polymorphic shellcodes show that our bioinformatics approach is noise-tolerant and that, because it extracts more polymorphic worm characters, like one-byte invariants and distance restrictions between invariant bytes, the signatures it generates are more accurate and precise than those generated by some other exploit-based signature generation schemes.
URI: http://hdl.handle.net/10397/9702
DOI: 10.1016/j.cose.2009.06.003
Appears in Collections: Journal/Magazine Article

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.