An Automatic Extraction Approach of Worm Signatures Based on Behavioral Footprint Analysis
Abstract
This paper presents an approach for automatically extracting worm signatures based on behavioral footprint analysis. First, suspicious worm traffic is detected based on worm behavior; this detection is an instance of Sequential Change Point Detection. To make the detection mechanism insensitive to site and access pattern, a non-parametric Cumulative Sum (CUSUM) method is applied, which makes the mechanism much more generally applicable and much easier to deploy. Second, the worm behavioral footprint is defined and classified, and the chronicle formalism is applied to correlate the footprints in the suspicious worm traffic. Finally, worm signatures are extracted and ascertained by the evaluation function. The experiment shows that the approach extracts worm signatures effectively and accurately. We conclude that the worm behavioral footprint cannot identify the worm accurately, but it helps to locate worm signatures, so signatures can be extracted effectively.
Keywords
Network security; Worm behavioral footprint; Worm signature extraction; Worm detection
Citation Format:
Hanxun Zhou, Wei Guo, Yong Feng, "An Automatic Extraction Approach of Worm Signatures Based on Behavioral Footprint Analysis," Journal of Internet Technology, vol. 15, no. 3, pp. 405-412, May 2014.
Published by Executive Committee, Taiwan Academic Network, Ministry of Education, Taipei, Taiwan, R.O.C
JIT Editorial Office, Office of Library and Information Services, National Dong Hwa University
No. 1, Sec. 2, Da Hsueh Rd., Shoufeng, Hualien 974301, Taiwan, R.O.C.
Tel: +886-3-931-7314 E-mail: jit.editorial@gmail.com