Automatic Defense Against Zero-day Polymorphic Worms in Communication Networks

  • 5h 10m
  • Al-Sakib Khan Pathan, Mohssen Mohammed
  • CRC Press
  • 2013

Able to propagate quickly and change their payload with each infection, polymorphic worms have been able to evade even the most advanced intrusion detection systems (IDS). And, because zero-day worms require only seconds to launch flooding attacks on your servers, using traditional methods such as manually creating and storing signatures to defend against these threats is just too slow.

Bringing together critical knowledge and research on the subject, Automatic Defense Against Zero-day Polymorphic Worms in Communication Networks details a new approach for generating automated signatures for unknown polymorphic worms. It presents experimental results on a new method for polymorphic worm detection and examines experimental implementation of signature-generation algorithms and double-honeynet systems.

If you need some background, the book includes an overview of the fundamental terms and concepts in network security, including the various security models. Clearing up the misconceptions about the value of honeypots, it explains how they can be useful in securing your networks, and identifies open-source tools you can use to create your own honeypot. There’s also a chapter with references to helpful reading resources on automated signature generation systems.

The authors describe cutting-edge attack detection approaches and detail new algorithms to help you generate your own automated signatures for polymorphic worms. Explaining how to test the quality of your generated signatures, the text will help you develop the understanding required to effectively protect your communication networks. Coverage includes intrusion detection and prevention systems (IDPS), zero-day polymorphic worm collection methods, double-honeynet system configurations, and the implementation of double-honeynet architectures.

About the Authors

Mohssen Mohammed received his B.Sc. (Honors) degree in Computer Science from Computer Man College for Computer Studies (Future University), Khartoum – Sudan in 2003. In 2006, received the M.Sc. degree in Computer Science from the Faculty of Mathematical Sciences – University of Khartoum, Sudan. In 2012 received Ph.D. degree in Electrical Engineering from Cape Town University, South Africa. He published several papers at top international conferences such as GLOBECOM and MILCOM. He has served as a Technical Program Committee member in numerous international conferences like ICSEA 2010, ICNS 2011. He got University of Cape Town prize for International Scholarship for Academic Merit (Years 2007, 2008, and 2009). From 2005 to 2012 he has been working as a permanent academic staff at the University of Juba, South of Sudan. Now he is working as Assistant Professor in the College of Computer Science & Information Technology, Bahri University, Khartoum Sudan. His research interest includes Network Security, especially Intrusion detection and prevention systems, Honeypots, Firewalls, and Malware Detection Methods.

Al-Sakib Khan Pathan received his Ph.D. degree in Computer Engineering in 2009 from Kyung Hee University, South Korea. He received B.Sc. degree in Computer Science and Information Technology from Islamic University of Technology (IUT), Bangladesh in 2003. He is currently an Assistant Professor at Computer Science department in International Islamic University Malaysia (IIUM), Malaysia. Till June 2010, he served as an Assistant Professor at Computer Science and Engineering department in BRAC University, Bangladesh. Prior to holding this position, he worked as a Researcher at Networking Lab, Kyung Hee University, South Korea till August 2009. His research interest includes wireless sensor networks, network security, and e-services technologies. He is a recipient of several awards/best paper awards and has several publications in these areas. He has served as a Chair, Organizing Committee Member, and Technical Program Committee member in numerous international conferences/workshops like HPCS, ICA3PP, IWCMC, VTC, HPCC, IDCS, etc. He is currently serving as the Editor-in-Chief of IJIDCS, an Area Editor of IJCNIS, Editor of IJCSE, Inderscience, Associate Editor of IASTED/ACTA Press IJCA and CCS, Guest Editor of some special issues of top-ranked journals, and Editor/Author of five published books. He also serves as a referee of some renowned journals. He is a member of Institute of Electrical and Electronics Engineers (IEEE), USA; IEEE Communications Society (IEEE ComSoc), USA, and IEEE ComSoc Bangladesh Chapter, and several other international organizations.

In this Book

  • The Fundamental Concepts
  • Computer Networking
  • Intrusion Detection and Prevention Systems (IDPSs)
  • Honeypots
  • Internet Worms
  • Reading Resources on Automated Signature Generation Systems
  • Signature Generation Algorithms for Polymorphic Worms
  • Zero-Day Polymorphic Worm Collection Method
  • Developed Signature Generation Algorithms