×

Hamsa

swMATH ID: 23930
Software Authors: Li, Z., Sanghi, M., Chen, Y., Kao, M.Y., Chavez, B.
Description: Hamsa: fast signature generation for zero-day polymorphic worms with provable attack resilience. Zero-day polymorphic worms pose a serious threat to the security of Internet infrastructures. Given their rapid propagation, it is crucial to detect them at edge networks and automatically generate signatures in the early stages of infection. Most existing approaches for automatic signature generation need host information and are thus not applicable for deployment on high-speed network links. In this paper, we propose Hamsa, a network-based automated signature generation system for polymorphic worms which is fast, noise-tolerant and attack-resilient. Essentially, we propose a realistic model to analyze the invariant content of polymorphic worms which allows us to make analytical attack-resilience guarantees for the signature generation algorithm. Evaluation based on a range of polymorphic worms and polymorphic engines demonstrates that Hamsa significantly outperforms Polygraph (J. Newsome et al., 2005) in terms of efficiency, accuracy, and attack resilience
Homepage: https://ieeexplore.ieee.org/document/1623999/
Related Software: Polygraph; Autograph; Snort; Panorama; KEA; FIRMA; VAMO; ExecScent; BitShred; PhishEye; BotProfiler; BotTokenizer; BotMiner; BotSniffer; pytbull; RRE; BLINC; longmemo; Lua; Matlab
Cited in: 2 Publications

Cited in 1 Serial

1 Machine Learning

Citations by Year