Automated signature generation for Zero-day polymorphic worms using a Double-honeynet
Doctoral Thesis
2012
Publisher
University of Cape Town
Abstract
This thesis proposes an accurate system for signature generation for Zero-day polymorphic worms. The thesis consists of two parts. In part one, polymorphic worm instances are collected using a novel Double-honeynet system, which is able to detect new worms that have not been seen before. Unlimited honeynet outbound connections are introduced to collect all polymorphic worm instances; therefore, this system produces accurate worm signatures. In part two, signatures are generated for the polymorphic worms that are collected by the Double-honeynet system. Two algorithms are used: a Modified Knuth-Morris-Pratt (MKMP) algorithm, which is string-matching based, and a Modified Principal Component Analysis (MPCA), which is statistics based.
Description
Includes bibliographical references.
Reference:
Mohammed, M. 2012. Automated signature generation for Zero-day polymorphic worms using a Double-honeynet. University of Cape Town.