IIUM Repository

Automatic defense against zero-day polymorphic worms in communication networks

Mohammed, Mohssen and Pathan, Al-Sakib Khan (2013) Automatic defense against zero-day polymorphic worms in communication networks. CRC Press, USA. ISBN 9781466557277 (In Press)



Internet worms pose a major threat to the security of Internet infrastructure, and the damage they cause is truly costly. A computer worm is a kind of malicious program that self-replicates automatically within a computer network. Worms are, in general, a serious threat to computers connected to the Internet and to its proper functioning. These malicious programs can spread by exploiting low-level software defects and can use their victims for illegitimate activities such as corrupting data, sending unsolicited electronic mail messages, generating traffic for distributed Denial of Service (DoS) attacks, or stealing information. Today, the speed at which worms propagate poses a serious security threat to the Internet. A polymorphic worm is a kind of worm that is able to change its payload in every infection attempt, so it can evade Intrusion Detection Systems (IDSs) and damage data, delay the network, cause information theft, and carry out other illegal activities that lead, for example, to high financial loss. To defend the network against worms, IDSs such as Bro and Snort are commonly deployed at the edge of the network and the Internet. The main principle of these IDSs is to analyze traffic and compare it against the signatures stored in their databases. Whenever a novel worm is detected on the Internet, the common approach is that experts from the security community analyze the worm code manually and produce a signature. The signature is then distributed, and each IDS updates its database with the new signature. This approach to creating signatures is human-intensive and very slow, and when we face threats from very fast replicating worms (which take as little as a few seconds to bring down the entire network), such as zero-day polymorphic worms, the need for an alternative is recognized. The alternative approach is to find a way to automatically generate signatures that are relatively faster to generate and of acceptably good quality.
This book focuses on how we can automatically generate signatures for unknown polymorphic worms.

Item Type: Book
Additional Information: The book is in process of publication in 2013. Now, in press.
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Q Science > QA Mathematics > QA76 Computer software
Kulliyyahs/Centres/Divisions/Institutes: Kulliyyah of Information and Communication Technology > Department of Computer Science
Depositing User: Dr. Al-Sakib Khan Pathan
Date Deposited: 21 Dec 2012 08:57
Last Modified: 21 Dec 2012 08:57
URI: http://irep.iium.edu.my/id/eprint/25812
