ERASER : evasion resistant signature extractor for worms

dc.contributor.advisorZhang, Yin, doctor of computer science
dc.creatorKaryampudi, Umamaheswararao
dc.date.accessioned2017-03-23T14:56:13Z
dc.date.available2017-03-23T14:56:13Z
dc.date.issued2007-05
dc.description.abstractIn this thesis, we describe Evasion-Resistant Automated Signature ExtractoR (ERASER), a novel method for extracting content-based worm signatures in an evasion-resistant fashion. Despite much progress on content-based worm signature extraction, several recent studies show that evasive worms can easily render existing methods ineffective (i.e., cause them to miss almost 100% of worm instances, or raise their false positive ratio to intolerable levels) by polymorphising the worm payloads or by poisoning network traffic with carefully crafted, misleading patterns. The evasive attacks by polymorphisation include: Red herring attacks, Correlated Outlier Attacks and AZ attacks. ERASER achieves evasion resistance by exploiting two novel ideas: (i) domainspecific feature selection, which focuses on "smoking gun" features characteristic of worms, i.e., substrings that are invariant across different worm instances and rarely appear in normal traffic, (ii) adversary-aware signature learning, which forces each "successful" evasion to reveal a significant amount of information about the true invariant signatures. ERASER is provably evasion-resistant even in the presence of multiple colluding worms. We develop a prototype system of ERASER and evaluate its performance using both real and synthetic worm payloads combined with a large amount of real Internet traffic data collected at a tier-1 ISP and an edge network. Our results show that ERASER is highly accurate in the presence of a broad range of evasion attacks.en_US
dc.description.departmentComputer Science
dc.format.mediumelectronicen_US
dc.identifierdoi:10.15781/T2XD0R33G
dc.identifier.urihttp://hdl.handle.net/2152/46168
dc.language.isoengen_US
dc.relation.ispartofUT Electronic Theses and Dissertationsen_US
dc.rightsCopyright © is held by the author. Presentation of this material on the Libraries' web site by University Libraries, The University of Texas at Austin was made possible under a limited license grant from the author who has retained all copyrights in the works.en_US
dc.rights.restrictionRestricteden_US
dc.subjectEvasion-Resistant Automated Signature ExtractoR (ERASER)en_US
dc.subjectContent-based worm signature extractionen_US
dc.subjectEvasion attacksen_US
dc.titleERASER : evasion resistant signature extractor for wormsen_US
dc.typeThesisen_US
dc.type.genreThesisen_US
thesis.degree.departmentComputer Sciencesen_US
thesis.degree.disciplineComputer Sciencesen_US
thesis.degree.grantorUniversity of Texas at Austinen_US
thesis.degree.levelMastersen_US
thesis.degree.nameMaster of Artsen_US

Access full-text files

Original bundle

Now showing 1 - 1 of 1
No Thumbnail Available
Name:
txu-oclc-170966026.pdf
Size:
431.6 KB
Format:
Adobe Portable Document Format
Description:
Access restricted to UT Austin EID holders

License bundle

Now showing 1 - 1 of 1
No Thumbnail Available
Name:
license.txt
Size:
1.66 KB
Format:
Item-specific license agreed upon to submission
Description: