Automatic defense against zero-day polymorphic worms in communication networks
Internet worms pose a major threat to Internet infrastructure security, and their destruction is truly costly. Computer Worm is a kind of malicious program that self-replicates automatically within a computer network. Worms are in general, a serious threat to computers connected to the Internet and...
Saved in:
| Main Authors: | , |
|---|---|
| Format: | Book |
| Language: | English English |
| Published: |
CRC Press, USA
2013
|
| Subjects: | |
| Online Access: | http://irep.iium.edu.my/25812/1/Auto_Defense_polyworm_COVER.jpg http://irep.iium.edu.my/25812/3/PREFACE_AuthBIO_Worm_CRC.pdf http://irep.iium.edu.my/25812/ http://www.crcpress.com/product/isbn/9781466557277 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| id |
my.iium.irep.25812 |
|---|---|
| record_format |
dspace |
| spelling |
my.iium.irep.258122012-12-21T00:57:00Z http://irep.iium.edu.my/25812/ Automatic defense against zero-day polymorphic worms in communication networks Mohammed, Mohssen Pathan, Al-Sakib Khan QA75 Electronic computers. Computer science QA76 Computer software Internet worms pose a major threat to Internet infrastructure security, and their destruction is truly costly. Computer Worm is a kind of malicious program that self-replicates automatically within a computer network. Worms are in general, a serious threat to computers connected to the Internet and its proper functioning. These malicious programs can spread by exploiting low-level software defects, and can use their victims for illegitimate activities; such as corrupting data, sending unsolicited electronic mail messages, generating traffic for distributed Denial of Service (DoS) attacks, or stealing information. Today, the speed at which the worm propagates poses a serious security threat to the Internet. Polymorphic worm is a kind of worm that is able to change its payload in every infection attempt, so it can evade the Intrusion Detection Systems (IDSs), and damage data, delay the network, cause information theft, and other illegal activities that lead to even for example, high financial loss. To defend the network against the worm, intrusion detection systems (IDSs) such as Bro and Snort are commonly deployed at the edge of network and the Internet. The main principle of these IDSs is to analyze the traffic to compare it against the signatures stored in their databases. Whenever a novel worm is detected in the Internet, the common approach is that the experts from security community analyze the worm code manually and produce a signature. The signature is then distributed and each IDS updates its database with this new signature. This approach of creating signature is human intensive, very slow and when we have threats of very fast replicating worms (that take as small as few seconds to bring down the entire network) like Zero-day polymorphic worms, the need of an alternative is recognized. The alternative approach is to find a way to automatically generate signatures that are relatively faster to generate and are of acceptable good quality. This book focuses on how we can automatically generate signatures for unknown polymorphic worms. CRC Press, USA 2013 Book REM application/pdf en http://irep.iium.edu.my/25812/1/Auto_Defense_polyworm_COVER.jpg application/pdf en http://irep.iium.edu.my/25812/3/PREFACE_AuthBIO_Worm_CRC.pdf Mohammed, Mohssen and Pathan, Al-Sakib Khan (2013) Automatic defense against zero-day polymorphic worms in communication networks. CRC Press, USA, USA. ISBN 9781466557277 (In Press) http://www.crcpress.com/product/isbn/9781466557277 |
| institution |
Universiti Islam Antarabangsa Malaysia |
| building |
IIUM Library |
| collection |
Institutional Repository |
| continent |
Asia |
| country |
Malaysia |
| content_provider |
International Islamic University Malaysia |
| content_source |
IIUM Repository (IREP) |
| url_provider |
http://irep.iium.edu.my/ |
| language |
English English |
| topic |
QA75 Electronic computers. Computer science QA76 Computer software |
| spellingShingle |
QA75 Electronic computers. Computer science QA76 Computer software Mohammed, Mohssen Pathan, Al-Sakib Khan Automatic defense against zero-day polymorphic worms in communication networks |
| description |
Internet worms pose a major threat to Internet infrastructure security, and their destruction is truly costly. Computer Worm is a kind of malicious program that self-replicates automatically within a computer network. Worms are in general, a serious threat to computers connected to the Internet and its proper functioning. These malicious programs can spread by exploiting low-level software defects, and can use their victims for illegitimate activities; such as corrupting data, sending unsolicited electronic mail messages, generating traffic for distributed Denial of Service (DoS) attacks, or stealing information. Today, the speed at which the worm propagates poses a serious security threat to the Internet.
Polymorphic worm is a kind of worm that is able to change its payload in every infection attempt, so it can evade the Intrusion Detection Systems (IDSs), and damage data, delay the network, cause information theft, and other illegal activities that lead to even for example, high financial loss. To defend the network against the worm, intrusion detection systems (IDSs) such as Bro and Snort are commonly deployed at the edge of network and the Internet. The main principle of these IDSs is to analyze the traffic to compare it against the signatures stored in their databases. Whenever a novel worm is detected in the Internet, the common approach is that the experts from security community analyze the worm code manually and produce a signature. The signature is then distributed and each IDS updates its database with this new signature.
This approach of creating signature is human intensive, very slow and when we have threats of very fast replicating worms (that take as small as few seconds to bring down the entire network) like Zero-day polymorphic worms, the need of an alternative is recognized. The alternative approach is to find a way to automatically generate signatures that are relatively faster to generate and are of acceptable good quality. This book focuses on how we can automatically generate signatures for unknown polymorphic worms. |
| format |
Book |
| author |
Mohammed, Mohssen Pathan, Al-Sakib Khan |
| author_facet |
Mohammed, Mohssen Pathan, Al-Sakib Khan |
| author_sort |
Mohammed, Mohssen |
| title |
Automatic defense against zero-day polymorphic worms in communication networks |
| title_short |
Automatic defense against zero-day polymorphic worms in communication networks |
| title_full |
Automatic defense against zero-day polymorphic worms in communication networks |
| title_fullStr |
Automatic defense against zero-day polymorphic worms in communication networks |
| title_full_unstemmed |
Automatic defense against zero-day polymorphic worms in communication networks |
| title_sort |
automatic defense against zero-day polymorphic worms in communication networks |
| publisher |
CRC Press, USA |
| publishDate |
2013 |
| url |
http://irep.iium.edu.my/25812/1/Auto_Defense_polyworm_COVER.jpg http://irep.iium.edu.my/25812/3/PREFACE_AuthBIO_Worm_CRC.pdf http://irep.iium.edu.my/25812/ http://www.crcpress.com/product/isbn/9781466557277 |
| _version_ |
1643609009636245504 |
| score |
13.160551 |