ABSTRACT

This chapter describes the zero-day polymorphic worm collection method and explores the signature generation algorithms: the substring extraction algorithm, the modified Knuth-Morris-Pratt algorithm, and the modified principal component analysis algorithm. It discusses the design of a double-honeynet system, covering the software used to implement the double-honeynet system and the double-honeynet system configurations using VMware. The purpose of the double-honeynet system is to detect unknown worms automatically. A key contribution of this system is its ability to distinguish worm activities from normal activities without any involvement of experts in the field. Unknown Internet worms pose a major threat to Internet infrastructure security, and the damage they cause results in losses of millions of dollars. The honeypot was transparently connected to the Internet through the honeywall, which in turn intercepted all outbound and inbound traffic. Therefore, malicious traffic targeting the honeypot, or malicious traffic generated by the compromised honeypot, was available to us from the honeywall for further analysis and investigation.