Detecting Zero-day Polymorphic Worm: A Review

Abstract

a computer worm is malicious software that has the capability to spread and replicate itself into a computer network. A polymorphic worm is a specific type of worm that changed its structure in every appearance or new instance. A polymorphic worm is considered as one of the most dangerous threats over the Internet because it is hard to detect. It also has the ability to change its payload in every new infection of every new victim to avoid detection by security systems. This survey paper reviews and discusses the recent methods that are used to detect and generate automatic signature for zero day polymorphic worm.