
Polymorphic worms can change their byte sequence as they replicate and propagate, thwarting the traditional signature analysis techniques used by many intrusion detection systems (IDSes). As such worms become more frequent, it is important to understand their behavior and their interaction with IDSes in order to develop effective strategies to control their propagation. In this paper, we propose a model based on the coevolution of biological quasi-species to characterize the propagation of polymorphic worms and the effects of dynamic IDSes, which improve their detection capability with time. The model is used to derive the maximum allowable response time of the IDS in order to contain the worm and the optimal mutation rate the worm should use in order to escape an IDS with a given response time. The observations from the model are validated using simulations with the ADMmutate polymorphic engine.
