TY - GEN
T1 - Analyzing maximum length of instruction sequence in network packets for polymorphic worm detection
AU - Tatara, Kohei
AU - Hori, Yoshiaki
AU - Sakurai, Kouichi
PY - 2008/9/12
Y1 - 2008/9/12
N2 - The importance of the method for finding out the worms that are made through the modification of parts of their original worms increases. It is difficult to detect these worms by comparing with the simple definition that past anti-virus software adapts. Moreover, if it is not an already-known worm, it is not possible to detect it. In this paper, we pay attention to the Toth et al.'s method to extract the executable code included in the dataflows on the network and detect the attack by measuring the length of them. Then, we describe the problem of their method and how to solve it.
AB - The importance of the method for finding out the worms that are made through the modification of parts of their original worms increases. It is difficult to detect these worms by comparing with the simple definition that past anti-virus software adapts. Moreover, if it is not an already-known worm, it is not possible to detect it. In this paper, we pay attention to the Toth et al.'s method to extract the executable code included in the dataflows on the network and detect the attack by measuring the length of them. Then, we describe the problem of their method and how to solve it.
UR - http://www.scopus.com/inward/record.url?scp=51249119473&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=51249119473&partnerID=8YFLogxK
U2 - 10.1109/MUE.2008.119
DO - 10.1109/MUE.2008.119
M3 - Conference contribution
AN - SCOPUS:51249119473
SN - 0769531342
SN - 9780769531342
T3 - Proceedings - 2008 International Conference on Multimedia and Ubiquitous Engineering, MUE 2008
SP - 485
EP - 489
BT - Proceedings - 2008 International Conference on Multimedia and Ubiquitous Engineering, MUE 2008
T2 - 2008 International Conference on Multimedia and Ubiquitous Engineering, MUE 2008
Y2 - 24 April 2008 through 26 April 2008
ER -