The use of heuristics in identifying self-propagating malicious mobile code

Author

Jesse Twardus, West Virginia University

Semester

Summer

Date of Graduation

2005

Document Type

Thesis

Degree Type

MS

College

Statler College of Engineering and Mineral Resources

Department

Lane Department of Computer Science and Electrical Engineering

Committee Chair

Bogan Cukic.

Abstract

Self-propagating malicious mobile code, or worms, has become a major threat to modern computer systems. As these types of viruses thrive in a networked computing environment, they have exploded in popularity in recent years.;Modern defenses have proved inadequate in protecting computer systems from the worm threat. The most often used remedy is a signature-based detection system that scans each incoming network packet for the presence of a signature identifying a specific worm. As a new worm or variant of an existing worm is released, this signature set must be updated to include definitions for the new worm or variant.;In this thesis we propose a heuristic-based system for worm detection. This system should be able to detect many different worms and worm variants using only a small heuristic set. The use of heuristics also should eliminate the need to update the rule set as new worms or worm variants are released.

Recommended Citation

Twardus, Jesse, "The use of heuristics in identifying self-propagating malicious mobile code" (2005). Graduate Theses, Dissertations, and Problem Reports. 3208.
https://researchrepository.wvu.edu/etd/3208