Zero-day Polymorphic Worms Detection Using A modified Boyer-Moore Algorithm

摘要

Internet worms cause a great damage to network and information infrastructure. Therefore, the networks must be protected against Internet worms and other attacks. In this paper we propose automatic system for signature generation for Zero-day polymorphic worms. We have designed a novel double-honeynet system, which is able to detect new worms that have not been seen before. The system is based on a Boyer-Moore Algorithm that uses polymorphic worm substrings to find multiple invariant substrings that are shared between all polymorphic worm instances and use them as signatures. The system is able to generate accurate signatures for single and multiple worms.