TY - GEN
T1 - Polymorphic worm detection by analyzing maximum length of instruction sequence in network packets
AU - Tatara, Kohei
AU - Hori, Yoshiaki
AU - Sakurai, Kouichi
PY - 2009/10/12
Y1 - 2009/10/12
N2 - An intrusion detection system records a worm's signature and uses it to detect attacks lurking in traffic. However, to detect a worm that modifies and changes part of itself, a highly accurate detection technique is required for distinguishing code in traffic that appears to be a worm. In this paper, we focus on the method of Toth et al., which extracts executable code contained in data flows on the network and detects attacks by measuring its length. We then describe the problem with their method and how to solve it.
AB - An intrusion detection system records a worm's signature and uses it to detect attacks lurking in traffic. However, to detect a worm that modifies and changes part of itself, a highly accurate detection technique is required for distinguishing code in traffic that appears to be a worm. In this paper, we focus on the method of Toth et al., which extracts executable code contained in data flows on the network and detects attacks by measuring its length. We then describe the problem with their method and how to solve it.
UR - http://www.scopus.com/inward/record.url?scp=70349667597&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=70349667597&partnerID=8YFLogxK
U2 - 10.1109/ARES.2009.103
DO - 10.1109/ARES.2009.103
M3 - Conference contribution
AN - SCOPUS:70349667597
SN - 9780769535647
T3 - Proceedings - International Conference on Availability, Reliability and Security, ARES 2009
SP - 972
EP - 977
BT - Proceedings - International Conference on Availability, Reliability and Security, ARES 2009
T2 - International Conference on Availability, Reliability and Security, ARES 2009
Y2 - 16 March 2009 through 19 March 2009
ER -