Analyzing Maximum Length of Instruction Sequence in Network Packets for Polymorphic Worm Detection

2008 International Conference on Multimedia and Ubiquitous Engineering (mue 2008) Pub Date : 2008-04-24 DOI:10.1109/MUE.2008.119

K. Tatara, Y. Hori, K. Sakurai

{"title":"Analyzing Maximum Length of Instruction Sequence in Network Packets for Polymorphic Worm Detection","authors":"K. Tatara, Y. Hori, K. Sakurai","doi":"10.1109/MUE.2008.119","DOIUrl":null,"url":null,"abstract":"The importance of the method for finding out the worms that are made through the modification of parts of their original worms increases. It is difficult to detect these worms by comparing with the simple definition that past anti-virus software adapts. Moreover, if it is not an already-known worm, it is not possible to detect it. In this paper, we pay attention to the Toth et al.'s method to extract the executable code included in the dataflows on the network and detect the attack by measuring the length of them. The importance of the method for finding out the worms that are made through the modification of parts of their original worms increases. It is difficult to detect these worms by comparing with the simple definition that past anti-virus software adapts. Moreover, if it is not an already- known worm, it is not possible to detect it. In this paper, we pay attention to the Toth et al.'s method to extract the executable code included in the dataflows on the network and detect the attack by measuring the length of them. Then, we describe the problem of their method and how to solve it.Then, we describe the problem of their method and how to solve it.","PeriodicalId":203066,"journal":{"name":"2008 International Conference on Multimedia and Ubiquitous Engineering (mue 2008)","volume":"29 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-04-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 International Conference on Multimedia and Ubiquitous Engineering (mue 2008)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/MUE.2008.119","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 4

Abstract

The importance of the method for finding out the worms that are made through the modification of parts of their original worms increases. It is difficult to detect these worms by comparing with the simple definition that past anti-virus software adapts. Moreover, if it is not an already-known worm, it is not possible to detect it. In this paper, we pay attention to the Toth et al.'s method to extract the executable code included in the dataflows on the network and detect the attack by measuring the length of them. The importance of the method for finding out the worms that are made through the modification of parts of their original worms increases. It is difficult to detect these worms by comparing with the simple definition that past anti-virus software adapts. Moreover, if it is not an already- known worm, it is not possible to detect it. In this paper, we pay attention to the Toth et al.'s method to extract the executable code included in the dataflows on the network and detect the attack by measuring the length of them. Then, we describe the problem of their method and how to solve it.Then, we describe the problem of their method and how to solve it.

查看原文本刊更多论文

基于多态蠕虫检测的网络数据包指令序列最大长度分析

通过对原始蠕虫的某些部分进行修改来发现蠕虫的方法的重要性增加了。与过去的杀毒软件所采用的简单定义相比，很难检测到这些蠕虫。此外，如果它不是已知的蠕虫，则不可能检测到它。本文主要研究Toth等人提取网络数据流中包含的可执行代码，并通过测量数据流长度来检测攻击的方法。通过对原始蠕虫的某些部分进行修改来发现蠕虫的方法的重要性增加了。与过去的杀毒软件所采用的简单定义相比，很难检测到这些蠕虫。此外，如果它不是已知的蠕虫，则不可能检测到它。本文主要研究Toth等人提取网络数据流中包含的可执行代码，并通过测量数据流长度来检测攻击的方法。然后，我们描述了他们的方法的问题和如何解决它。然后，我们描述了他们的方法的问题和如何解决它。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2008 International Conference on Multimedia and Ubiquitous Engineering (mue 2008)

自引率

0.00%

发文量