Malicious software has become a major threat to information systems, which are widely used to store, transfer and process information for many critical assets. Worms are among the most harmful kinds of network-enabled malicious software that can threaten networks and applications. Two main characteristics distinguish worms from the well-known virus programs and make them much more dangerous. First, they do not need to attach themselves to an existing program. Second, worms do not require end-user interaction to realize the intended attack. Therefore, a large number of victims can be infected in a short time. Polymorphic worms are a special subset of the worm family that is more difficult to detect. Polymorphism is the key that facilitates creating different-looking polymorphic worm copies while keeping the original worm code intact. Each variant of a polymorphic worm has a different pattern, so simple signature matching techniques are not effective. In this work, the Strong Token-Pair (STP) signature scheme has been proposed to detect polymorphic worms. Experimental results support that STP signatures can be used with low false negative and false positive rates.