The Design and Testing of Automated Signature Generation Engine for Worms Detection

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNAI, volume 4496)

Abstract

We propose an automated signature generation engine for detecting unknown attacks. For this proposal, we studied a signature engine divided into a header field and a payload field. In the payload field in particular, we propose a signature generation agent that can be presented using a suffix tree, and the Longest Common Subsequence (LCSeq) among them is used to generate new signatures automatically. In testing, Snort signatures and the signatures generated using the Longest Common Subsequence (LCSeq) are compared and evaluated.
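
As an added illustration (not code from the paper), the sketch below folds a plain dynamic-programming LCSeq, rather than the suffix-tree representation the abstract mentions, over three constructed payload samples to derive a payload signature, then tests payloads against it as an in-order subsequence. The payloads, function names and matching rule are all assumptions made for this example.

```python
def lcseq(a: bytes, b: bytes) -> bytes:
    """Longest common subsequence of two byte strings (O(len(a) * len(b)) DP)."""
    n, m = len(a), len(b)
    # dp[i][j] = LCSeq length of a[i:] and b[j:]
    dp = [[0] * (m + 1) for _ in range(n + 1)]
    for i in range(n - 1, -1, -1):
        for j in range(m - 1, -1, -1):
            if a[i] == b[j]:
                dp[i][j] = dp[i + 1][j + 1] + 1
            else:
                dp[i][j] = max(dp[i + 1][j], dp[i][j + 1])
    out, i, j = bytearray(), 0, 0
    while i < n and j < m:  # walk the table forward to recover the bytes
        if a[i] == b[j]:
            out.append(a[i])
            i, j = i + 1, j + 1
        elif dp[i + 1][j] >= dp[i][j + 1]:
            i += 1
        else:
            j += 1
    return bytes(out)


def generate_signature(payloads):
    """Fold LCSeq across all samples; the result is a subsequence of each one."""
    sig = payloads[0]
    for p in payloads[1:]:
        sig = lcseq(sig, p)
    return sig


def matches(sig: bytes, payload: bytes) -> bool:
    """True if every signature byte occurs in the payload, in order."""
    it = iter(payload)
    return all(byte in it for byte in sig)  # 'in' consumes the iterator


# Constructed samples: same fixed bytes, different padding in two fields.
SAMPLES = [
    b"GET /index?id=AAAA&cmd=%u9090%u9090&x=QQ HTTP/1.0",
    b"GET /index?id=BBBBBB&cmd=%u9090%u9090&x=RRRR HTTP/1.0",
    b"GET /index?id=CC&cmd=%u9090%u9090&x=S HTTP/1.0",
]
BENIGN = b"GET /index?id=42&x=1 HTTP/1.0"  # constructed non-matching request

SIGNATURE = generate_signature(SAMPLES)

if __name__ == "__main__":
    print(SIGNATURE)
    print([matches(SIGNATURE, p) for p in SAMPLES], matches(SIGNATURE, BENIGN))
```

A subsequence signature like this tolerates inserted padding between the fixed bytes, which also makes it easier to match by accident on short signatures, so a minimum signature length is worth enforcing before deploying one.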

Editor information

Ngoc Thanh Nguyen, Adam Grzech, Robert J. Howlett, Lakhmi C. Jain

Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kim, S., Lee, G., Kim, B. (2007). The Design and Testing of Automated Signature Generation Engine for Worms Detection. In: Nguyen, N.T., Grzech, A., Howlett, R.J., Jain, L.C. (eds) Agent and Multi-Agent Systems: Technologies and Applications. KES-AMSTA 2007. Lecture Notes in Computer Science, vol 4496. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-72830-6_101

  • DOI: https://doi.org/10.1007/978-3-540-72830-6_101

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-72829-0

  • Online ISBN: 978-3-540-72830-6

  • eBook Packages: Computer Science, Computer Science (R0)
