Open Access Open Access  Restricted Access Subscription Access
Open Access Open Access Open Access  Restricted Access Restricted Access Subscription Access

A Fast Positive Approach of P-DPL in the Packet Inspection


Affiliations
1 CSE Department, Arulmigu Meenakshi Amman College of Engineering, Thiruvannamalai Dt, Near Kanchipuram, India
2 CSE Department, Ganadipathy Tulsi’s Jain Engineering College, Vellore, India
3 Arulmigu Meenakshi Amman College of Engineering, Thiruvannamalai Dt, Near Kanchipuram, India
     

   Subscribe/Renew Journal


One way to protect organizations from malware is to deploy high-speed network based intrusion detection systems on the communication lines. This approach is achieved by P-DPL. Such appliances perform deep-packet inspection in real- time and use simple signatures for detecting and removing attacks such as malware, propagating worms, denial-of-service, or remote exploitation of vulnerabilities. P-DPL is primarily intended for high-speed network traffic filtering devices that are based on deep-packet inspection. Malicious executables are analyzed using two approaches: disassembly, utilizing IDA-Pro, and the application of a dedicated state machine in order to obtain the set of functions comprising the executables. The signature extraction process is based on a comparison with a common function repository. By eliminating functions appearing in the common function repository from the signature candidate list, P-DPL can minimize the risk of false-positive detection errors. To minimize false-positive rates even further, P-DPL proposes intelligent candidate selection using an entropy score to generate signatures.

Keywords

Automatic Signature Generation (ASG), Malware, Malware Filtering, Packet-Deployment Payload (P-DPL).
User
Subscription Login to verify subscription
Notifications
Font Size

Abstract Views: 399

PDF Views: 4




  • A Fast Positive Approach of P-DPL in the Packet Inspection

Abstract Views: 399  |  PDF Views: 4

Authors

N. Kannaiya Raja
CSE Department, Arulmigu Meenakshi Amman College of Engineering, Thiruvannamalai Dt, Near Kanchipuram, India
K. Arulanandam
CSE Department, Ganadipathy Tulsi’s Jain Engineering College, Vellore, India
G. Deepa
CSE Department, Arulmigu Meenakshi Amman College of Engineering, Thiruvannamalai Dt, Near Kanchipuram, India
M. Balaji
Arulmigu Meenakshi Amman College of Engineering, Thiruvannamalai Dt, Near Kanchipuram, India

Abstract


One way to protect organizations from malware is to deploy high-speed network based intrusion detection systems on the communication lines. This approach is achieved by P-DPL. Such appliances perform deep-packet inspection in real- time and use simple signatures for detecting and removing attacks such as malware, propagating worms, denial-of-service, or remote exploitation of vulnerabilities. P-DPL is primarily intended for high-speed network traffic filtering devices that are based on deep-packet inspection. Malicious executables are analyzed using two approaches: disassembly, utilizing IDA-Pro, and the application of a dedicated state machine in order to obtain the set of functions comprising the executables. The signature extraction process is based on a comparison with a common function repository. By eliminating functions appearing in the common function repository from the signature candidate list, P-DPL can minimize the risk of false-positive detection errors. To minimize false-positive rates even further, P-DPL proposes intelligent candidate selection using an entropy score to generate signatures.

Keywords


Automatic Signature Generation (ASG), Malware, Malware Filtering, Packet-Deployment Payload (P-DPL).