Automatic Worm Signature Generation Based on Vulnerability
Intrusion detection systems normally depend on signatures to identify attacks,which are manually created by security experts in most cases,but manually signature generation method cant meet with the requirement of the detection to the worms,a fast spreading and varying malicious code,so,we propose a new automatic worm signature generation method based on vulnerability,which can automatically generate snort signature by extracting the memory fingerprint and network information of the captured worm. The experiments showed that the signature is short,but with low false negative rate and false positive rate.
network security worm honeypot signature generation
Zhang Chunhua Guo Shanqing Cui Lizheng Xu Qiuliang
Computer Science of Shandong University
国际会议
2009 International Conference on Information,Electronic and Computer Science(2009 国际信息、电子与计算机工程学术会议)
青岛
英文
83-86
2009-11-21(万方平台首次上网日期,不代表论文的发表时间)