As Internet worms become ever faster and more sophisticated, it is important to be able to extract worm signatures in an accurate and timely manner. In this paper, we apply machine learning to automatically fingerprint polymorphic worms, which are able to change their appearance across every instance. Using real Internet traces and synthetic polymorphic worms, we evaluated the performance of several advanced machine learning algorithms, including naive Bayes, decision-tree induction, rule learning (RIPPER), and support vector machines. The results are very promising. Compared with Polygraph, the state of the art in polymorphic worm fingerprinting, several machine learning algorithms are able to generate more accurate signatures, tolerate more noise in the training data, and require much shorter training time. These results open the possibility of applying machine learning to build a fast and accurate online worm fingerprinting system.

PDF, PS

In Proceedings of the 3rd IEEE International Conference on Autonomic Computing (ICAC-2006), Dublin, Ireland, June 2006. Poster Session.

@InProceedings{yang:icac06, title={Fast and Effective Worm Fingerprinting via Machine Learning}, author={Stewart Yang and Jianping Song and Harish Rajamani and Taewon Cho and Yin Zhang and Raymond Mooney}, booktitle={Proceedings of the 3rd IEEE International Conference on Autonomic Computing (ICAC-2006)}, month={June}, address={Dublin, Ireland}, note={Poster Session}, url="http://www.cs.utexas.edu/users/ai-lab?yang:icac06", year={2006} }