An Automated Signature Generation Method for Zero-day Polymorphic Worms Based on C4.5 Algorithm

Mohssen Mohammed, Eisa Aleisa, Neco Ventura
unpublished
Polymorphic worms are considered as the most critical threats to the Internet security, and the difficulty lies in changing their payloads in every infection attempt to avoid the security systems. In this paper, we propose an accurate signature generation system for zero-day polymorphic worms. We have designed a novel double-honeynet system, which is able to detect zero-day polymorphic worms that have not been seen before. To generate signatures for polymorphic worms, we have two steps. The
more » ... t step is the polymorphic worms sample collection, which is done by the double-honeynet system. The second step is the signature generation for the collected samples, which is done by a decision tree algorithm (C4.5 algorithm). The main goal for this system is to get accurate signatures for Zero-day polymorphic worm.
fatcat:utc742luv5bl7afffddyn2lrsy