IIUM Repository

An automated signature generation method for zero-day polymorphic worms based on multilayer perceptron model

Mohammed, Mohssen M. Z. E. and Chan, H. Anthony and Ventura, Neco and Pathan, Al-Sakib Khan (2013) An automated signature generation method for zero-day polymorphic worms based on multilayer perceptron model. In: 2nd International Conference on Advanced Computer Science Applications and Technologies (ACSAT2013), 22-24 December 2013, Kuching, Sarawak, Malaysia.

Abstract

Polymorphic worms are considered the most dangerous threats to Internet security, and the danger lies in their changing their payloads in every infection attempt to evade security systems. In this paper, we propose an accurate signature generation system for zero-day polymorphic worms. We have designed a novel Double-honeynet system, which is able to detect zero-day polymorphic worms that have not been seen before. Generating signatures for polymorphic worms takes two steps. The first step is the collection of polymorphic worm samples, which is done by the Double-honeynet system. The second step is signature generation for the collected samples, which is done by the k-means clustering algorithm and a Multilayer Perceptron Model. The system collects different types of polymorphic worms; we used the k-means clustering algorithm to separate each type into a cluster. The Multilayer Perceptron Model is used to generate signatures for each cluster. The main goal of this system is to reduce false positives and false negatives.

Item Type: Conference or Workshop Item (Full Paper)
Additional Information: 6481/33752
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Kulliyyahs/Centres/Divisions/Institutes: Kulliyyah of Information and Communication Technology > Department of Computer Science
Depositing User: Dr. Al-Sakib Khan Pathan
Date Deposited: 31 Dec 2013 15:13
Last Modified: 20 Feb 2015 17:20
URI: http://irep.iium.edu.my/id/eprint/33752
