ICSEA 2014, The Ninth International Conference on Software Engineering Advances


An Automated Signature Generation Method for Zero-day Polymorphic Worms Based on C4.5 Algorithm

Authors:
Mohssen Mohammed
Eisa Aleisa
Neco Ventura

Keywords: Honeynet; Polymorphic; Worms; Machine Learning; Algorithm

Abstract:
Polymorphic worms are considered the most critical threats to Internet security, and the difficulty lies in the fact that they change their payloads in every infection attempt to avoid security systems. In this paper, we propose an accurate signature generation system for zero-day polymorphic worms. We have designed a novel Double-honeynet system, which is able to detect zero-day polymorphic worms that have not been seen before. Generating signatures for polymorphic worms takes two steps. The first step is the collection of polymorphic worm samples, which is done by the Double-honeynet system. The second step is signature generation for the collected samples, which is done by a decision tree algorithm (the C4.5 algorithm). The main goal of this system is to get accurate signatures for zero-day polymorphic worms.

Pages: 215 to 220

Copyright: Copyright (c) IARIA, 2014

Publication date: October 12, 2014

Published in: conference

ISSN: 2308-4235

ISBN: 978-1-61208-367-4

Location: Nice, France

Dates: from October 12, 2014 to October 16, 2014