Automatic Defense Against Zero-day Polymorphic Worms in Communication Networks
Main Author | Mohammed, Mohssen |
---|---|
Format | eBook |
Language | English |
Published | United Kingdom: Auerbach Publications, 2013 (CRC Press; Auerbach Publishers, Incorporated) |
Edition | 2 |
Subjects | Computer algorithms; Computer networks -- Security measures; Computer viruses; Machine theory |
ISBN | 9781466557284; 1466557281; 9781466557277; 1466557273; 9780367380038; 036738003X |
DOI | 10.1201/b14912 |
Abstract | Polymorphic worm attacks are considered one of the top threats to Internet security. They can be used to delay networks, steal information, delete information, and launch flooding attacks against servers. This book supplies unprecedented coverage of how to generate automated signatures for unknown polymorphic worms. Describing attack detection approaches and automated signature generation systems, the book details the design of double-honeynet systems and the experimental investigation of these systems. It also discusses experimental implementation of signature-generation algorithms and discusses what we can expect in future developments. |
AbstractList | Able to propagate quickly and change their payload with each infection, polymorphic worms have been able to evade even the most advanced intrusion detection systems (IDS). And, because zero-day worms require only seconds to launch flooding attacks on your servers, using traditional methods such as manually creating and storing signatures to defend against these threats is just too slow. Bringing together critical knowledge and research on the subject, Automatic Defense Against Zero-day Polymorphic Worms in Communication Networks details a new approach for generating automated signatures for unknown polymorphic worms. It presents experimental results on a new method for polymorphic worm detection and examines experimental implementation of signature-generation algorithms and double-honeynet systems. If you need some background, the book includes an overview of the fundamental terms and concepts in network security, including the various security models. Clearing up the misconceptions about the value of honeypots, it explains how they can be useful in securing your networks, and identifies open-source tools you can use to create your own honeypot. There's also a chapter with references to helpful reading resources on automated signature generation systems. The authors describe cutting-edge attack detection approaches and detail new algorithms to help you generate your own automated signatures for polymorphic worms. Explaining how to test the quality of your generated signatures, the text will help you develop the understanding required to effectively protect your communication networks. Coverage includes intrusion detection and prevention systems (IDPS), zero-day polymorphic worm collection methods, double-honeynet system configurations, and the implementation of double-honeynet architectures. |
Author | Mohammed, Mohssen Pathan, Al-Sakib Khan |
ContentType | eBook |
Copyright | 2013 by Taylor & Francis Group, LLC |
DEWEY | 004 |
DatabaseName | Casalini Torrossa eBooks Institutional Catalogue |
Discipline | Computer Science |
EISBN | 0429098146; 9780429098147; 9781466557284; 1466557281; 1482219050; 9781482219050 |
Edition | 2; 1 |
Editor | Pathan, Al-Sakib Khan |
Genre | Electronic books |
IsPeerReviewed | false |
IsScholarly | false |
Keywords | Approximate String Matching; Packet Filtering; Worm Body; Ubuntu Linux; Low Interaction Honeypot; Bus Topology; IP Address; Dual Ring Topology; Tcp Port; VMware GSX Server; Worm Signature; Factor Graphs; Supervise Ml; Signature Generation Process; Stateful Protocol Analysis; Address Space; GSX Server; Decryption Routine; Sensitive Information; High Interaction Honeypot; Outbound Connections; Polymorphic Worms; Research Honeypots; Cd Rom Drive; VMware Workstation |
LCCallNum | QA76.76.C68 M64 2013eb |
Notes | An Auerbach book. Available also in a print ed. Mode of access: Internet via World Wide Web. Title from title screen. |
OCLC | 853360683 |
PageCount | 338 |
PublicationCentury | 2000 |
PublicationDate | 2016; 2013; 2013-05-21; 2016-04-19; c2013 |
PublicationDateYYYYMMDD | 2016-01-01; 2013-01-01; 2013-05-21; 2016-04-19 |
PublicationDecade | 2010 |
PublicationPlace | United Kingdom; Milton; Boca Raton, Fla |
PublicationYear | 2016; 2013 |
Publisher | Auerbach Publications; CRC Press; Auerbach Publishers, Incorporated |
SubjectTerms | Computer algorithms; Computer networks; Computer viruses; Data processing; Computer science; Machine theory; Security measures |
SubjectTermsDisplay | Computer algorithms. Computer networks -- Security measures. Computer viruses. Electronic books. Machine theory. |
TableOfContents:

Front matter: Cover; Half Title; Title Page; Copyright Page; Dedication; Contents; Preface; About the Authors

Chapter 1 The Fundamental Concepts
- 1.1 Introduction
  - 1.1.1 Network Security Concepts
  - 1.1.2 Automated Signature Generation for Zero-day Polymorphic Worms
- 1.2 Our Experience and This Book's Objective
- References

Chapter 2 Computer Networking
- 2.1 Computer Technologies
- 2.2 Network Topology
  - 2.2.1 Point-to-Point Topology
  - 2.2.2 Daisy-Chain Topology
  - 2.2.3 Bus (Point-to-Multipoint) Topology
  - 2.2.4 Distributed Bus Topology
  - 2.2.5 Ring Topology
  - 2.2.6 Dual-Ring Topology
  - 2.2.7 Star Topology
  - 2.2.8 Star-Wired Bus Topology
  - 2.2.9 Star-Wired Ring Topology
  - 2.2.10 Mesh Topology
  - 2.2.11 Hierarchical or Tree Topology
  - 2.2.12 Dual-Homing Topology
- 2.3 Internet Protocol
- 2.4 Transmission Control Protocol
- 2.5 IP Routers
- 2.6 Ethernet Switch
- 2.7 IP Routing and Routing Table
- 2.8 Discussion on Router
  - 2.8.1 Access Mechanisms for Administrators
  - 2.8.2 Security Policy for a Router
  - 2.8.3 Router Security Policy Checklist
- 2.9 Network Traffic Filtering
  - 2.9.1 Packet Filtering
  - 2.9.2 Source Routing
- 2.10 Tools Used for Traffic Filtering or Network Monitoring
  - 2.10.1 Packet Capture
- 2.11 Concluding Remarks
- References

Chapter 3 Intrusion Detection and Prevention Systems (IDPSs)
- 3.1 Introduction
- 3.2 IDPS Detection Methods
  - 3.2.1 Signature-Based Detection
  - 3.2.2 Anomaly-Based Detection
  - 3.2.3 Stateful Protocol Analysis
- 3.3 IDPS Components
- 3.4 IDPS Security Capabilities
- 3.5 Types of IDPS Technologies
  - 3.5.1 Network-Based IDPSs
  - 3.5.2 Wireless IDPSs
  - 3.5.3 NBA Systems
  - 3.5.4 Host-Based IDPS
- 3.6 Integration of Multiple IDPSs
  - 3.6.1 Multiple IDPS Technologies
  - 3.6.2 Integration of Different IDPS Products
- 3.7 IDPS Products
  - 3.7.1 Common Enterprise Network-Based IDPSs
  - 3.7.2 Common Enterprise Wireless IDPSs
  - 3.7.3 Common Enterprise NBA Systems
  - 3.7.4 Common Enterprise Host-Based IDPSs
- 3.8 Concluding Remarks
- References

Chapter 4 Honeypots
- 4.1 Definition and History of Honeypots
  - 4.1.1 Honeypot and Its Working Principle
  - 4.1.2 History of Honeypots
  - 4.1.3 Types of Honeypots
- 4.2 Types of Threats
  - 4.2.1 Script Kiddies and Advanced Blackhat Attacks
  - 4.2.2 Attackers' Motivations
- 4.3 The Value of Honeypots
  - 4.3.1 Advantages of Honeypots
  - 4.3.2 Disadvantages of Honeypots
  - 4.3.3 Roles of Honeypots in Network Security
- 4.4 Honeypot Types Based on Interaction Level
  - 4.4.1 Low-Interaction Honeypots
  - 4.4.2 High-Interaction Honeypots
  - 4.4.3 Medium-Interaction Honeypots
- 4.5 An Overview of Five Honeypots
  - 4.5.1 BackOfficer Friendly
  - 4.5.2 Specter
  - 4.5.3 Honeyd
  - 4.5.4 ManTrap
  - 4.5.5 Honeynets
- 4.6 Conclusion
- References

Chapter 5 Internet Worms
- 5.1 Introduction
- 5.2 Infection
  - 5.2.1 Code Injection
  - 5.2.2 Edge Injection
  - 5.2.3 Data Injection
- 5.3 Spreading
- 5.4 Hiding
  - 5.4.1 Traffic Shaping
  - 5.4.2 Polymorphism
  - 5.4.3 Fingerprinting
- 5.5 Worm Components
  - 5.5.1 Reconnaissance
  - 5.5.2 Attack Components
  - 5.5.3 Communication Components
  - 5.5.4 Command Components
  - 5.5.5 Intelligence Capabilities
- 5.6 Worm Life
  - 5.6.1 Random Scanning
  - 5.6.2 Random Scanning Using Lists
  - 5.6.3 Island Hopping
  - 5.6.4 Directed Attacking
  - 5.6.5 Hit-List Scanning
- 5.7 Polymorphic Worms: Definition and Anatomy
  - 5.7.1 Polymorphic Worm Definition
  - 5.7.2 Polymorphic Worm Structure
  - 5.7.3 Invariant Bytes
  - 5.7.4 Polymorphic Worm Techniques
  - 5.7.5 Signature Classes for Polymorphic Worms
- 5.8 Internet Worm Prevention Methods
  - 5.8.1 Prevention of Vulnerabilities
  - 5.8.2 Prevention of Exploits
- 5.9 Conclusion
- References

Chapter 6 Reading Resources on Automated Signature Generation Systems
- 6.1 Introduction
  - 6.1.1 Hybrid System (Network Based and Host Based)
  - 6.1.2 Network-Based Mechanisms
  - 6.1.3 Host-Based Mechanisms
- References

Chapter 7 Signature Generation Algorithms for Polymorphic Worms
- 7.1 String Matching
  - 7.1.1 Exact String-Matching Algorithms
  - 7.1.2 Approximate String-Matching Algorithms
- 7.2 Machine Learning
  - 7.2.1 Supervised Learning
  - 7.2.2 Algorithm Selection
  - 7.2.3 Logic-Based Algorithms
  - 7.2.4 Learning Set of Rules
  - 7.2.5 Statistical Learning Algorithms
  - 7.2.6 Support Vector Machines
- 7.3 Unsupervised Learning
  - 7.3.1 A Brief Introduction to Unsupervised Learning
  - 7.3.2 Dimensionality Reduction and Clustering Models
  - 7.3.3 Expectation-Maximization Algorithm
  - 7.3.4 Modeling Time Series and Other Structured Data
  - 7.3.5 Nonlinear, Factorial, and Hierarchical Models
  - 7.3.6 Intractability
  - 7.3.7 Graphical Models
  - 7.3.8 Exact Inference in Graphs
  - 7.3.9 Learning in Graphical Models
  - 7.3.10 Bayesian Model Comparison and Occam's Razor
- 7.4 Concluding Remark
- References

Chapter 8 Zero-day Polymorphic Worm Collection Method
- 8.1 Introduction
- 8.2 Motivation for the Double-Honeynet System
- 8.3 Double-Honeynet Architecture
- 8.4 Software
  - 8.4.1 Honeywall Roo CD-ROM
  - 8.4.2 Sebek
  - 8.4.3 Snort_inline
- 8.5 Double-Honeynet System Configurations
  - 8.5.1 Implementation of Double-Honeynet Architecture
  - 8.5.2 Double-Honeynet Configurations
- 8.6 Chapter Summary
- References

Chapter 9 Developed Signature Generation Algorithms
- 9.1 Introduction
- 9.2 An Overview and Motivation for Using String Matching
- 9.3 The Knuth-Morris-Pratt Algorithm
  - 9.3.1 Proposed Substring Extraction Algorithm
  - 9.3.2 A Modified Knuth-Morris-Pratt Algorithm
  - 9.3.3 Testing the Quality of the Generated Signature for Polymorphic Worm A
- 9.4 Modified Principal Component Analysis
  - 9.4.1 An Overview of and Motivation for Using PCA in Our Work
  - 9.4.2 Our Contributions in the PCA
  - 9.4.3 Determination of Frequency Counts
  - 9.4.4 Using PCA to Determine the Most Significant Data for Polymorphic Worm Instances
  - 9.4.5 Testing the Quality of the Generated Signature for Polymorphic Worm A
- 9.5 Clustering Method for Different Types of Polymorphic Worms
- 9.6 Signature Generation Algorithm Pseudocodes
  - 9.6.1 Signature Generation Process
  - 9.6.2 Testing the Quality of the Generated Signature for Polymorphic Worm A
- 9.7 Chapter Summary
- 9.8 Conclusion and Recommendations for Future Work
- References

Index
Title | Automatic Defense Against Zero-day Polymorphic Worms in Communication Networks |
URI |
- http://digital.casalini.it/9781466557284
- https://www.taylorfrancis.com/books/9780429098147
- https://ebookcentral.proquest.com/lib/[SITE_ID]/detail.action?docID=1220106
- https://www.vlebooks.com/vleweb/product/openreader?id=none&isbn=9781466557284&uid=none
- https://www.vlebooks.com/vleweb/product/openreader?id=none&isbn=9781482219050
- http://www.books24x7.com/marc.asp?bookid=51959