Abstract |
---|
Recent worms increasingly threaten the availability of the Internet. It is difficult to catch the variety of 0-day worms promptly with the current signature matching approach because most signatures are developed manually. Several recent efforts have been made to automatically extract worm signatures from Internet traffic, but efficiency remains an unsolved problem, especially in real high-speed networks. We propose a binary clustering algorithm and a leaves-preferred policy to improve the front traffic filter, which reduces the traffic to be processed and enhances its purity. A position-aware signature generation method based on a Bloom filter is proposed to bring better performance and more accurate signatures for content-based defense. Both trace data and tcpdump data are used to test the prototype system, and experimental results show that the system can efficiently filter suspicious traffic with high purity, amounting to no more than 25% of the entire traffic, and extract more accurate signatures, which can well support popular defense systems such as Snort. |
Year | DOI | Venue |
---|---|---|
2008 | 10.1109/FSKD.2008.434 | FSKD (4) |
Keywords | Field | DocType |
---|---|---|
position-aware signature generation method,internet traffic,bloom filter,entire traffic,accurate signature,worm signature,front traffic filter,mining network traffic,current signature,worm signature extraction,suspicious traffic,popular defense system,classification algorithms,clustering algorithms,payloads,data mining,internet | Bloom filter,Data mining,Computer science,Statistical classification,Cluster analysis,Grippers,Internet traffic,Payload,The Internet,Binary number | Conference |
Citations | PageRank | References |
---|---|---|
1 | 0.40 | 14 |
Authors |
---|
3 |
Name | Order | Citations | PageRank |
---|---|---|---|
Hao Tu | 1 | 72 | 7.59 |
Zhitang Li | 2 | 226 | 31.89 |
Bin Liu | 3 | 6 | 2.29 |