원문정보
초록
영어
Worms are self –replicating, fast moving malicious codes, capable of spreading themselves without human interaction. It’s a weapon of choice for those, who like to launch destructive attacks on network or internet as a whole. Recently there emerge more sophisticated worms such as polymorphic worm which vary their payload in every infection attempt. Polymorphic worms have more than one mutated instances. It is very important to detect and prevent such worms quickly and accurately at their early phase of infection. There are several worm detection and containment methods available. This paper surveys recent automated signature based detection of polymorphic worms and presents a classification for various signature approaches. There are two main categories of worm signatures, exploit specific and vulnerability driven. Both categories of signature are either network-based or host based. Each signature generation scheme is described and discussed in appropriate category. We analyze and compare different signature schemes. The paper concludes with challenge and scope of future research directions.
목차
1. Introduction
2. Anatomy of Polymorphic worms:
3. Classification of Polymorphic Worm Signatures
4. Exploit-specific (Network Based) Signature Generation:
5. Exploit Specific (Host based) signature:
6. Vulnerability – Driven (Network Based) signature:
7. Vulnerability- Driven (Host Based) signature:
8. Comparison of Polymorphic worm signature Generation techniques:
9. Conclusion and Future Work
Acknowledgements
References