Proceedings of the 2007 International Conference on Intelligent Systems and Knowledge Engineering (ISKE 2007)

Online Detect Polymorphic Exploit Based on Data Mining

Authors
Wei Wang1, Huazhang Wang, Daisheng Luo, Yong Fang
1Institute of Image & Information, Sichuan University, China
Corresponding Author
Wei Wang
Available Online October 2007.
DOI
10.2991/iske.2007.216
Keywords
Data-mining, polymorphic worms, security
Abstract

In recent years, Internet worms have increasingly threatened Internet hosts and services, and polymorphic worms can evade signature-based intrusion detection systems. We propose DMPolD (Data Mining Polymorphism Detection) to detect polymorphic exploits based on semantic signatures and data mining. We analyze the features of polymorphic exploits and the features of perfect ones. We propose a method to detect worms online by recognizing the JUMP address using data mining, i.e., Bayes. To validate this idea, we implement a plug-in for Snort, ODMSnort, and run experiments on it. The evaluation results show that DMPolD can detect polymorphic exploits and has a very low false-positive rate.

Copyright
© 2007, the Authors. Published by Atlantis Press.
Open Access
This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).


Volume Title
Proceedings of the 2007 International Conference on Intelligent Systems and Knowledge Engineering (ISKE 2007)
Series
Advances in Intelligent Systems Research
Publication Date
October 2007
ISBN
978-90-78677-04-8
ISSN
1951-6851

Cite this article

TY  - CONF
AU  - Wei Wang
AU  - Huazhang Wang
AU  - Daisheng Luo
AU  - Yong Fang
PY  - 2007/10
DA  - 2007/10
TI  - Online Detect Polymorphic Exploit Based on Data Mining
BT  - Proceedings of the 2007 International Conference on Intelligent Systems and Knowledge Engineering (ISKE 2007)
PB  - Atlantis Press
SP  - 1269
EP  - 1275
SN  - 1951-6851
UR  - https://doi.org/10.2991/iske.2007.216
DO  - 10.2991/iske.2007.216
ID  - Wang2007/10
ER  -