Polymorphic worm detection by analyzing maximum length of instruction sequence in network packets

Kohei Tatara, Yoshiaki Hori, Kouichi Sakurai

Research output: Chapter in Book/Report/Conference proceeding (Conference contribution)

Abstract

An intrusion detection system records a worm's signature and uses it to detect attacks lurking in traffic. However, detecting a worm that modifies and changes parts of itself requires a highly accurate technique for distinguishing code in the traffic that appears to be a worm. In this paper, we focus on the method of Toth et al., which extracts the executable code contained in data flows on the network and detects attacks by measuring its length. We then describe the problem with their method and how to solve it.

Original language: English
Title of host publication: Proceedings - International Conference on Availability, Reliability and Security, ARES 2009
Pages: 972-977
Number of pages: 6
Publication status: Published - Oct 12 2009
Event: International Conference on Availability, Reliability and Security, ARES 2009 - Fukuoka, Fukuoka Prefecture, Japan
Duration: Mar 16 2009 → Mar 19 2009

Publication series

Name: Proceedings - International Conference on Availability, Reliability and Security, ARES 2009

Other

Other: International Conference on Availability, Reliability and Security, ARES 2009
Country: Japan
City: Fukuoka, Fukuoka Prefecture
Period: 3/16/09 → 3/19/09

All Science Journal Classification (ASJC) codes

  • Software
  • Safety, Risk, Reliability and Quality

Cite this

Tatara, K., Hori, Y., & Sakurai, K. (2009). Polymorphic worm detection by analyzing maximum length of instruction sequence in network packets. In Proceedings - International Conference on Availability, Reliability and Security, ARES 2009 (pp. 972-977). [5066596] (Proceedings - International Conference on Availability, Reliability and Security, ARES 2009). https://doi.org/10.1109/ARES.2009.103