Generate Signature for Polymorphic Worm: A Real-Time Honeypot Approach

  • Conference paper
Proceedings of 6th International Conference on Recent Trends in Computing

Part of the book series: Lecture Notes in Networks and Systems (LNNS, volume 177)

Abstract

In Internet infrastructure, information security is a major concern for any individual or organization. The regular signature-based approach fails to detect unknown attacks promptly. Our research approach constructs a unique honeypot system that can separate suspected traffic from ordinary traffic and capture relevant particulars about different worm operations without the attacker's information. Our structural approach is automated and generates high-quality signatures, mainly for unknown polymorphic worms. We use a probabilistic approach to generate an attack pattern with a low false-alarm rate. Our observations with artificially produced polymorphic worms illustrate that the proposed setup can improve the efficiency of the intrusion detection system signature database and can also increase the possibility of encountering different kinds of polymorphic worms with high expertise.

Correspondence to Avijit Mondal.

© 2021 Springer Nature Singapore Pte Ltd.

Cite this paper

Mondal, A., Nath, S., Bose, P., Goswami, R.T. (2021). Generate Signature for Polymorphic Worm: A Real-Time Honeypot Approach. In: Mahapatra, R.P., Panigrahi, B.K., Kaushik, B.K., Roy, S. (eds) Proceedings of 6th International Conference on Recent Trends in Computing. Lecture Notes in Networks and Systems, vol 177. Springer, Singapore. https://doi.org/10.1007/978-981-33-4501-0_26
