Analyzing maximum length of instruction sequence in network packets for polymorphic worm detection

Kohei Tatara, Yoshiaki Hori, Kouichi Sakurai

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

2 Citations (Scopus)

Abstract

The importance of methods for finding worms that are made through the modification of parts of their original worms is increasing. It is difficult to detect these worms by comparing with the simple definition that past anti-virus software adapts. Moreover, if it is not an already-known worm, it is not possible to detect it. In this paper, we pay attention to Toth et al.'s method to extract the executable code included in the dataflows on the network and detect the attack by measuring its length. Then, we describe the problem of their method and how to solve it.

Original language: English
Title of host publication: Proceedings - 2008 International Conference on Multimedia and Ubiquitous Engineering, MUE 2008
Pages: 485-489
Number of pages: 5
DOIs: https://doi.org/10.1109/MUE.2008.119
Publication status: Published - Sep 12 2008
Event: 2008 International Conference on Multimedia and Ubiquitous Engineering, MUE 2008 - Busan, Korea, Republic of
Duration: Apr 24 2008 → Apr 26 2008

Publication series

Name: Proceedings - 2008 International Conference on Multimedia and Ubiquitous Engineering, MUE 2008

Other

Other: 2008 International Conference on Multimedia and Ubiquitous Engineering, MUE 2008
Country: Korea, Republic of
City: Busan
Period: 4/24/08 → 4/26/08

Fingerprint

Packet networks
Viruses

All Science Journal Classification (ASJC) codes

  • Computer Graphics and Computer-Aided Design
  • Computer Science Applications
  • Software

Cite this

Tatara, K., Hori, Y., & Sakurai, K. (2008). Analyzing maximum length of instruction sequence in network packets for polymorphic worm detection. In Proceedings - 2008 International Conference on Multimedia and Ubiquitous Engineering, MUE 2008 (pp. 485-489). [4505774] (Proceedings - 2008 International Conference on Multimedia and Ubiquitous Engineering, MUE 2008). https://doi.org/10.1109/MUE.2008.119

Analyzing maximum length of instruction sequence in network packets for polymorphic worm detection. / Tatara, Kohei; Hori, Yoshiaki; Sakurai, Kouichi.

Proceedings - 2008 International Conference on Multimedia and Ubiquitous Engineering, MUE 2008. 2008. p. 485-489 4505774 (Proceedings - 2008 International Conference on Multimedia and Ubiquitous Engineering, MUE 2008).

Tatara, K, Hori, Y & Sakurai, K 2008, Analyzing maximum length of instruction sequence in network packets for polymorphic worm detection. in Proceedings - 2008 International Conference on Multimedia and Ubiquitous Engineering, MUE 2008., 4505774, Proceedings - 2008 International Conference on Multimedia and Ubiquitous Engineering, MUE 2008, pp. 485-489, 2008 International Conference on Multimedia and Ubiquitous Engineering, MUE 2008, Busan, Korea, Republic of, 4/24/08. https://doi.org/10.1109/MUE.2008.119
Tatara K, Hori Y, Sakurai K. Analyzing maximum length of instruction sequence in network packets for polymorphic worm detection. In Proceedings - 2008 International Conference on Multimedia and Ubiquitous Engineering, MUE 2008. 2008. p. 485-489. 4505774. (Proceedings - 2008 International Conference on Multimedia and Ubiquitous Engineering, MUE 2008). https://doi.org/10.1109/MUE.2008.119
Tatara, Kohei ; Hori, Yoshiaki ; Sakurai, Kouichi. / Analyzing maximum length of instruction sequence in network packets for polymorphic worm detection. Proceedings - 2008 International Conference on Multimedia and Ubiquitous Engineering, MUE 2008. 2008. pp. 485-489 (Proceedings - 2008 International Conference on Multimedia and Ubiquitous Engineering, MUE 2008).
@inproceedings{d7fd87aba87448e3a0064ec65a089b11,
title = "Analyzing maximum length of instruction sequence in network packets for polymorphic worm detection",
abstract = "The importance of the method for finding out the worms that are made through the modification of parts of their original worms increases. It is difficult to detect these worms by comparing with the simple definition that past anti-virus software adapts. Moreover, if it is not an already-known worm, it is not possible to detect it. In this paper, we pay attention to the Toth et al.'s method to extract the executable code included in the dataflows on the network and detect the attack by measuring the length of them. Then, we describe the problem of their method and how to solve it.",
author = "Kohei Tatara and Yoshiaki Hori and Kouichi Sakurai",
year = "2008",
month = "9",
day = "12",
doi = "10.1109/MUE.2008.119",
language = "English",
isbn = "0769531342",
series = "Proceedings - 2008 International Conference on Multimedia and Ubiquitous Engineering, MUE 2008",
pages = "485--489",
booktitle = "Proceedings - 2008 International Conference on Multimedia and Ubiquitous Engineering, MUE 2008",

}

TY - GEN

T1 - Analyzing maximum length of instruction sequence in network packets for polymorphic worm detection

AU - Tatara, Kohei

AU - Hori, Yoshiaki

AU - Sakurai, Kouichi

PY - 2008/9/12

Y1 - 2008/9/12

N2 - The importance of the method for finding out the worms that are made through the modification of parts of their original worms increases. It is difficult to detect these worms by comparing with the simple definition that past anti-virus software adapts. Moreover, if it is not an already-known worm, it is not possible to detect it. In this paper, we pay attention to the Toth et al.'s method to extract the executable code included in the dataflows on the network and detect the attack by measuring the length of them. Then, we describe the problem of their method and how to solve it.

AB - The importance of the method for finding out the worms that are made through the modification of parts of their original worms increases. It is difficult to detect these worms by comparing with the simple definition that past anti-virus software adapts. Moreover, if it is not an already-known worm, it is not possible to detect it. In this paper, we pay attention to the Toth et al.'s method to extract the executable code included in the dataflows on the network and detect the attack by measuring the length of them. Then, we describe the problem of their method and how to solve it.

UR - http://www.scopus.com/inward/record.url?scp=51249119473&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=51249119473&partnerID=8YFLogxK

U2 - 10.1109/MUE.2008.119

DO - 10.1109/MUE.2008.119

M3 - Conference contribution

AN - SCOPUS:51249119473

SN - 0769531342

SN - 9780769531342

T3 - Proceedings - 2008 International Conference on Multimedia and Ubiquitous Engineering, MUE 2008

SP - 485

EP - 489

BT - Proceedings - 2008 International Conference on Multimedia and Ubiquitous Engineering, MUE 2008

ER -