



  • Essay / A signature-based approach against the polymorphic Internet...

    h Babu Battula Ram Bilash (2010UCP233)

    TABLE OF CONTENTS

    1. Introduction
    2. Related work
    3. Design
    3.1 Connection failure Design
    3.2 Signature discovery Design
    4. Results
    5. Conclusion
    6. References

    1. Introduction

    Internet worms pose a serious threat to today's highly networked computing environment. Unlike other threats such as viruses and Trojans, worms generally spread automatically, without active human intervention, resulting in significantly higher infection rates than traditional viruses. These active Internet worms spread in an automated manner and travel across the Internet in a very short time.

    Antivirus is a signature-based technology. The antivirus compares the file structure to the signatures stored in its database. If the file contains the same signature, it is infected with a worm. The antivirus database must be updated regularly to discover new worms. The rapid response times required highlight the need for an automated mechanism to locally discover and control the spread of a worm.

    There are few answers to the worm attack. One solution is to update the antivirus so that it can discover worms, but the antivirus cannot detect the worm because of the speed at which it spreads. Additionally, antivirus cannot automatically detect unknown Internet worms because it does not key on the worm's behavior but instead depends on the signature to discover it. Therefore, antivirus cannot automatically discover most unknown Internet worms. Routers and firewalls, once configured, can block packets by congestion signatures, but this happens after the worm has already spread.

    Automatic perception is particularly difficult because it is difficult to predict what form the next worm will take. However, automatic perception...... middle of article ......

    ...d G. Bakos, Using Sensor Networks and Data Fusion for Early perception of Active Worms, Proceedings of SPIE AeroSense, 2003, pp. 92-104.

    S. Staniford-Chen, S. Cheung, R. Crawford, M. Dilger, J. Frank, J. Hoagland, K. Levitt, C. Wee, R. Yip and D. Zerkle, GrIDS-a Graph Based Intrusion perception System for Large Networks, Proceedings of the 19th National Conference on Information Systems Security, October 1996.

    C. Zou, W. Gong and D. Towsley, Monitoring and Early Detection of Internet Worms, ACM Trans. on Networking, 2005.

    S. Chen and Y. Tang, Slowing Down Internet Worms, Proceedings of the 24th International Conference on Distributed Computing Systems (ICDCS'04), Tokyo, Japan, March 2005. 2004.

    X. Jiang and D. Xu, Profiling Self-Propagating Worms via Behavioral Footprinting, Proceedings of the ACM Workshop on Recurring Malcode, November 2006.