| | |
Summary: Automated Worm Fingerprinting
Sumeet Singh, Cristian Estan, George Varghese and Stefan Savage
Department of Computer Science and Engineering
University of California, San Diego
Abstract
Network worms are a clear and growing threat to the se-
curity of today's Internet-connected hosts and networks.
The combination of the Internet's unrestricted connec-
tivity and widespread software homogeneity allows net-
work pathogens to exploit tremendous parallelism in
their propagation. In fact, modern worms can spread so
quickly, and so widely, that no human-mediated reaction
can hope to contain an outbreak.
In this paper, we propose an automated approach
for quickly detecting previously unknown worms and
viruses based on two key behavioral characteristics
a common exploit sequence together with a range of
unique sources generating infections and destinations be-
ing targeted. More importantly, our approach called
"content sifting" automatically generates precise sig-
|
