Efficient hybrid technique for detecting zero-day polymorphic worms

Kaur, Ratinder; Singh, Maninder

doi:10.1109/iadcc.2014.6779301

Cited by 10 publications

(4 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A false positive is the opposite of false negative which is wrongly declaring that a traffic contains a worm, but it is actually clean. "Avoiding both types of mis-detections is a worthy goal for virus software, but has been proved to be theoretically impossible" [28], [32], [33]. Keeping a balance between them is needed.…”

Section: Percentages Of False Positives and False Negativesmentioning

confidence: 99%

Detecting Zero-day Polymorphic Worms with Jaccard Similarity Algorithm

Almarshad¹,

Mohammed²,

Pathan

2022

Int. j. commun. netw. inf. secur.

View full text Add to dashboard Cite

Zero-day polymorphic worms pose a serious threat to the security of Mobile systems and Internet infrastructure. In many cases, it is difficult to detect worm attacks at an early stage. There is typically little or no time to develop a well-constructed solution during such a worm outbreak. This is because the worms act only to spread from node to node and they bring security concerns to everyone using Internet via any static or mobile node. No system is safe from an aggressive worm crisis. However, many of the characteristics of a worm can be used to defeat it, including its predictable behavior and shared signatures. In this paper, we propose an efficient signature generation method based on string similarity algorithms to generate signatures for Zero-day polymorphic worms. Then, these signatures are practically applied to an Intrusion Detection System (IDS) to prevent the network from such attacks. The experimental results show the efficiency of the proposed approach compared to other existing mechanisms.

show abstract

Section: Percentages Of False Positives and False Negativesmentioning

confidence: 99%

Detecting Zero-day Polymorphic Worms with Jaccard Similarity Algorithm

Almarshad¹,

Mohammed²,

Pathan

2022

Int. j. commun. netw. inf. secur.

View full text Add to dashboard Cite

show abstract

“…To overcome the challenges associated with the statistical-based technique and behaviour-based technique, a hybrid-based technique is evolved. In a hybrid-based mechanism, signature schemes are integrated based on the applications [17][18][19][20][21]. Based on this, Kaur and Singh [18] developed a zero-day attack identification using a hybrid approach.…”

Section: Related Workmentioning

confidence: 99%

Cloud Zero-Day Attack Detection Using Hidden Markov Model with Transductive Learning

Rana

Hossan

Adel³

2021

Preprint

View full text Add to dashboard Cite

In cloud security, detecting attack software is considered an essential task. Among several attack types, a zero-day attack is considered as most problematic because the antivirus cannot able to remove it. The existing attack detection model uses stored data about attack characteristics, which fails to detect zero-attack where an altered attack is implemented for an antivirus system to detect the attack. To detect and prevent zero-day attacks, this paper proposed a model stated as Hidden Markov Model Transductive Deep Learning (HMM_TDL), which generates hyper alerts when an attack is implemented. Also, the HMM_TDL assigns labels to data in the network and periodically updates the database (DB). Initially, the HMM model detects the attacks with hyper alerts in the database. In the next stage, transductive deep learning incorporates k-medoids for clustering attacks and assign labels. Finally, the trust value of the original data is computed and computed in the database based on the value network able to classify attacks and data. The developed HMM_TDL is trained with consideration of two datasets such as NSL-KDD and CIDD. The comparative analysis of HMM_TDL exhibits a higher accuracy value of 95% than existing attack classification techniques.

show abstract

“…Kaur et al [21] developed a hybrid anomaly and signature detection system which was used to detect zero-day polymorphic worms in an active network flow. The system architecture had three components such as suspected traffic filter (STF), zero attack evaluation (ZAE), and signature generator (SG).…”

Section: Hybrid-based Analysismentioning

confidence: 99%

Improvement of Malware Classification Using Hybrid Feature Engineering

et al. 2019

View full text Add to dashboard Cite

Polymorphic malware has evolved as a major threat in Computer Systems. Their creation technology is constantly evolving using sophisticated tactics to create multiple instances of the existing ones. Current solutions are not yet able to sufficiently address this problem. They are mostly signature based; however, a changing malware means a changing signature. They, therefore, easily evade detection. Classifying them into their respective families is also hard, thus making elimination harder. In this paper, we propose a new feature engineering (NFE) approach for a better classification of polymorphic malware based on a hybrid of structural and behavioural features. We use accuracy, recall, precision, and F score to evaluate our approach. We achieve an improvement of 12% on accuracy between raw features and NFE features. We also demonstrated the robustness of NFE on feature selection as compared to other feature selection techniques.

show abstract

Efficient hybrid technique for detecting zero-day polymorphic worms

Cited by 10 publications

References 13 publications

Detecting Zero-day Polymorphic Worms with Jaccard Similarity Algorithm

Detecting Zero-day Polymorphic Worms with Jaccard Similarity Algorithm

Cloud Zero-Day Attack Detection Using Hidden Markov Model with Transductive Learning

Improvement of Malware Classification Using Hybrid Feature Engineering

Contact Info

Product

Resources

About