ABSTRACT

This chapter surveys the significant work done so far on automated signature generation for zero-day polymorphic worms, so that readers have additional resources for investigating the technical details and positions of the various researchers. The system described operates at the network level, filtering unwanted traffic with a local router, and at the host level, allowing polymorphic worm instances to interact with the honeynet 1 and honeynet 2 hosts. A modified Knuth-Morris-Pratt algorithm compares substrings of the captured worm instances to find the multiple invariant substrings shared by all of them, and those substrings are used as the signature. Polymorphic worms can carry very little invariant content across attack messages, which makes byte-string matching difficult. The system is also configured with a minimum signature size, which can result in false negatives when a worm's invariant content falls below that minimum, a particular risk with polymorphic worms.
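As an added example (not code from the chapter or from the system it describes), the following Python sketches the signature-generation step outlined above: a standard Knuth-Morris-Pratt search (the chapter's specific modification to KMP is not given on this page, so plain KMP is assumed) finds the maximal substrings shared by every captured worm instance, tokens shorter than a configurable minimum are discarded, and a payload matches when all tokens occur in order. The worm instances, the benign request, the return-address bytes and all function names are constructed for illustration and are not taken from the chapter.

```python
from __future__ import annotations

from typing import List, Sequence


def kmp_failure(pattern: bytes) -> List[int]:
    """KMP table: fail[i] = length of the longest proper prefix of
    pattern[:i+1] that is also a suffix of it."""
    fail = [0] * len(pattern)
    k = 0
    for i in range(1, len(pattern)):
        while k > 0 and pattern[i] != pattern[k]:
            k = fail[k - 1]
        if pattern[i] == pattern[k]:
            k += 1
        fail[i] = k
    return fail


def kmp_find(text: bytes, pattern: bytes, start: int = 0) -> int:
    """Index of the first occurrence of pattern in text at or after start,
    or -1. Plain KMP, O(len(text) + len(pattern)) per call."""
    if not pattern:
        return start if start <= len(text) else -1
    fail = kmp_failure(pattern)
    k = 0
    for i in range(start, len(text)):
        while k > 0 and text[i] != pattern[k]:
            k = fail[k - 1]
        if text[i] == pattern[k]:
            k += 1
            if k == len(pattern):
                return i - k + 1
    return -1


def in_all(candidate: bytes, instances: Sequence[bytes]) -> bool:
    """True when candidate occurs in every instance."""
    return all(kmp_find(inst, candidate) != -1 for inst in instances)


def invariant_substrings(instances: Sequence[bytes], min_len: int) -> List[bytes]:
    """Greedy extraction of invariant content: walk the first instance and
    grow a candidate while it is still present in all other instances
    (presence is monotone, so growing byte by byte is safe). Candidates
    shorter than min_len are dropped; survivors are returned in the order
    they appear in the first instance. The greedy walk is a constructed
    simplification, not the chapter's exact procedure."""
    if min_len < 1:
        raise ValueError("min_len must be at least 1")
    base, others = instances[0], instances[1:]
    tokens: List[bytes] = []
    i = 0
    while i < len(base):
        j = i
        while j < len(base) and in_all(base[i:j + 1], others):
            j += 1
        if j - i >= min_len:
            tokens.append(base[i:j])
            i = j
        else:
            i += 1
    return tokens


def matches(payload: bytes, signature: Sequence[bytes]) -> bool:
    """A payload matches when every token occurs, in order and without
    overlap. An empty signature matches nothing: if generation produced no
    tokens, the worm is not filtered at all (a false negative)."""
    if not signature:
        return False
    pos = 0
    for tok in signature:
        idx = kmp_find(payload, tok, pos)
        if idx == -1:
            return False
        pos = idx + len(tok)
    return True


# Constructed sample: three instances of one polymorphic worm. Request
# framing and the 4-byte return address are fixed; URL, User-Agent, NOP-sled
# length and decoder stub differ between instances.
HTTP_WORM = [
    b"GET /a8f2 HTTP/1.1\r\nUser-Agent: zqw\r\n\r\n\x90\x90\x90\x90\xbf\x43\x21\x01\x31\xc0\x50",
    b"GET /k7 HTTP/1.1\r\nUser-Agent: mm\r\n\r\n\x90\x90\xbf\x43\x21\x01\x33\xdb\x53",
    b"GET /x HTTP/1.1\r\nUser-Agent: pq\r\n\r\n\xbf\x43\x21\x01\xeb\x02",
]
# Constructed sample: a worm over a binary protocol whose only invariant
# content is the 4-byte return address; every other byte is re-encoded.
BINARY_WORM = [
    b"\x01\x7a\x10\xcc\xbf\x43\x21\x01\x99\x12\x5e",
    b"\x02\x04\xbf\x43\x21\x01\xde\xad\x07\x08",
    b"\x03\xbf\x43\x21\x01\x44\x55\x66\x77\x88\x99",
]
BENIGN = b"GET /index.html HTTP/1.1\r\nUser-Agent: curl/8.0\r\n\r\n"

if __name__ == "__main__":
    sig = invariant_substrings(HTTP_WORM, min_len=4)
    print("HTTP worm signature:", sig)
    print("all instances match:", all(matches(w, sig) for w in HTTP_WORM))
    print("benign request matches:", matches(BENIGN, sig))
    for m in (4, 6):
        s = invariant_substrings(BINARY_WORM, min_len=m)
        print(f"binary worm, min_len={m}: tokens={s}, "
              f"instance 0 detected={matches(BINARY_WORM[0], s)}")
```

With `min_len=4` the HTTP sample yields the request framing plus the return address and the benign request is not matched; the binary sample yields the single 4-byte address token. Raising `min_len` to 6 leaves the binary worm with no token at all, so nothing is filtered: this is the false-negative effect of the minimum signature size on a worm with little invariant content. The minimum is still needed, because at `min_len=1` the HTTP sample also produces one-byte "invariants" such as the `1` from `HTTP/1.1`, which would match almost any traffic.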