Polymorphic worm detection by analyzing maximum length of instruction sequence in network packets

Kohei Tatara, Yoshiaki Hori, Kouichi Sakurai

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

An intrusion detection system records a worm's signature and uses it to detect attacks lurking in traffic. However, to detect a worm that modifies and changes part of itself, a highly accurate detection technique is required for distinguishing code in traffic that appears to be a worm. In this paper, we focus on the method of Toth et al., which extracts the executable code included in data flows on the network and detects attacks by measuring its length. We then describe the problem with their method and how to solve it.

Original language: English
Title of host publication: Proceedings - International Conference on Availability, Reliability and Security, ARES 2009
Pages: 972-977
Number of pages: 6
DOI: https://doi.org/10.1109/ARES.2009.103
Publication status: Published - 2009/10/12
Event: International Conference on Availability, Reliability and Security, ARES 2009 - Fukuoka, Fukuoka Prefecture, Japan
Duration: 3/16/2009 → 3/19/2009

Publication series

Name: Proceedings - International Conference on Availability, Reliability and Security, ARES 2009

Other

Other: International Conference on Availability, Reliability and Security, ARES 2009
Country: Japan
City: Fukuoka, Fukuoka Prefecture
Period: 3/16/09 → 3/19/09

Fingerprint

Packet networks
Intrusion detection

All Science Journal Classification (ASJC) codes

  • Software
  • Safety, Risk, Reliability and Quality

Cite this

Tatara, K., Hori, Y., & Sakurai, K. (2009). Polymorphic worm detection by analyzing maximum length of instruction sequence in network packets. In Proceedings - International Conference on Availability, Reliability and Security, ARES 2009 (pp. 972-977). [5066596] (Proceedings - International Conference on Availability, Reliability and Security, ARES 2009). https://doi.org/10.1109/ARES.2009.103

@inproceedings{cd2eedb4a86b4244ae5a4bffdfccf395,
title = "Polymorphic worm detection by analyzing maximum length of instruction sequence in network packets",
abstract = "Intrusion detection system records worm's signature, and detects the attack that lurks in traffic based on it. However, to detect the worm that corrects, and changes some oneself, a highly accurate detection technique for distinguishing the code that seems to be the worm included in traffic is requested. In this paper, we pay attention to the Toth et al.'s method to extract the executable code included in the data flows on the network and detect the attack by measuring the length of them. Then, we describe the problem of their method and how to solve it.",
author = "Kohei Tatara and Yoshiaki Hori and Kouichi Sakurai",
year = "2009",
month = "10",
day = "12",
doi = "10.1109/ARES.2009.103",
language = "English",
isbn = "9780769535647",
series = "Proceedings - International Conference on Availability, Reliability and Security, ARES 2009",
pages = "972--977",
booktitle = "Proceedings - International Conference on Availability, Reliability and Security, ARES 2009",

}

TY - GEN

T1 - Polymorphic worm detection by analyzing maximum length of instruction sequence in network packets

AU - Tatara, Kohei

AU - Hori, Yoshiaki

AU - Sakurai, Kouichi

PY - 2009/10/12

Y1 - 2009/10/12

N2 - Intrusion detection system records worm's signature, and detects the attack that lurks in traffic based on it. However, to detect the worm that corrects, and changes some oneself, a highly accurate detection technique for distinguishing the code that seems to be the worm included in traffic is requested. In this paper, we pay attention to the Toth et al.'s method to extract the executable code included in the data flows on the network and detect the attack by measuring the length of them. Then, we describe the problem of their method and how to solve it.

AB - Intrusion detection system records worm's signature, and detects the attack that lurks in traffic based on it. However, to detect the worm that corrects, and changes some oneself, a highly accurate detection technique for distinguishing the code that seems to be the worm included in traffic is requested. In this paper, we pay attention to the Toth et al.'s method to extract the executable code included in the data flows on the network and detect the attack by measuring the length of them. Then, we describe the problem of their method and how to solve it.

UR - http://www.scopus.com/inward/record.url?scp=70349667597&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=70349667597&partnerID=8YFLogxK

U2 - 10.1109/ARES.2009.103

DO - 10.1109/ARES.2009.103

M3 - Conference contribution

AN - SCOPUS:70349667597

SN - 9780769535647

T3 - Proceedings - International Conference on Availability, Reliability and Security, ARES 2009

SP - 972

EP - 977

BT - Proceedings - International Conference on Availability, Reliability and Security, ARES 2009

ER -