Computer Sciences Dept.

Computer Security and Cryptography Reading Group
April 2006 List

Date &
Location
Reading
Friday, April 7, 2006
11 AM - 12 PM
7331 CS

Z. Li

Y. Chen

M. Kao
Z. Li, M. Sanghi, Y. Chen, M. Kao, B. Chavez
Northwestern
Hamsa: Fast Signature Generation for Zero-day Polymorphic Worms with Provable Attack Resilience
IEEE S&P'06

URL: http://www.cs.northwestern.edu/~ychen/Papers/mainHamsa.pdf

Zero-day polymorphic worms pose a serious threat to the security of Internet infrastructures. Given their rapid propagation, it is crucial to detect them at edge networks and automatically generate signatures in the early stages of infection. Most existing approaches for automatic signature generation need host information and are thus not applicable for deployment on high-speed network links. In this paper, we propose Hamsa, a network-based automated signature generation system for polymorphic worms which is fast, noise-tolerant and attack-resilient. Essentially, we propose a realistic model to analyze the invariant content of polymorphic worms which allows us to make analytical attack-resilience guarantees for the signature generation algorithm. Evaluation based on a range of polymorphic worms and polymorphic engines demonstrates that Hamsa significantly outperforms Polygraph [16] in terms of efficiency, accuracy, and attack resilience.


< Back to the Sec & Crypto reading group page
Created and maintained by Mihai Christodorescu (http://www.cs.wisc.edu/~mihai)
Created: Fri Jan 27 11:58:07 2006
Last modified: Fri Jan 27 11:59:05 Central Standard Time 2006
 
Computer Science | UW Home