Automated signature generation for Zero-day polymorphic worms using a Double-honeynet

Doctoral Thesis

2012

Permanent link to this Item
Authors
Supervisors
Journal Title
Link to Journal
Journal ISSN
Volume Title
Publisher
Publisher

University of Cape Town

License
Series
Abstract
This thesis proposes an accurate system for signature generation for Zero-day polymorphic worms. Thesis consists of two parts: In part one, polymorphic worm instances are collected by designing a novel Double-honeynet system, which is able to detect new worms that have not been seen before. Unlimited honeynet outbound connections are introduced to collect all polymorphic worm instances. Therefore this system produces accurate worm signatures. In part two, signatures are generated for the polymorphic worms that are collected by the Double-honeynet system. Both a Modified Knuth-Morris-Pratt (MKMP) Algorithm, which is string matching based, and a Modified Principal Component Analysis (MPCA), which is statistics based, are used.
Description

Includes bibliographical references.

Reference:

Collections