Latest COVID-19 Information for Purdue University

The Center for Education and Research in Information Assurance and Security (CERIAS)

The Center for Education and Research in
Information Assurance and Security (CERIAS)

Yan Chen - Northwestern University

Students: Spring 2022, unless noted otherwise, sessions will be virtual on Zoom.

Hamsa: Fast Signature Generation for Zero-day Polymorphic Worms with Provable Attack Resilience

Feb 22, 2006


Due to recording problems, video of this seminar will NOT be made available.

In this talk, we will first briefly introduce the High-Performance Network Anomaly/Intrusion Detection and Mitigation (HPNAIDM) system that is currently being developed in the Northwestern Lab of Internet and Security Technology (LIST) (, and then focus on one of its components, Hamsa, as described below. The paper on Hamsa will appear in the IEEE Syposium of Security and Privacy this year.

Zero-day polymorphic worms pose a serious potential threat to the security of Internet infrastructure. Given their exponentially increased propagation speed, it is crucial to detect them at routers/gateways in the early stages of infection. Most existing approaches for automatic signature generation are host-based and are not applicable for deploying on high-speed routers. In this talk, we propose Hamsa, a network-based automated signature generation system for polymorphic worms which is fast, noise tolerant, attack resilient, and capable of detecting multiple worm in a single
application protocol. Essentially, we propose a realistic model to analyze the invariant content of polymorphic worms which allows us to make analytical attack resilience guarantees for the signature generation algorithm. Evaluation based on a range of polymorphic worms and polymorphic engines demonstrates that Hamsa significantly outperforms recent work in terms of efficiency, accuracy, and attack resilience.

About the Speaker

Dr. Yan Chen is an Assistant Professor in the Department of Electrical Engineering & Computer Science at Northwestern
University, Evanston, IL. He got his Ph.D. in Computer Science at University of California at Berkeley in 2003. His research interests include network security, network measurement, P2P systems and wireless and ad hoc networks. He won the DOE Early CAREER award in 2005 and the Microsoft Trustworthy Computing Awards in 2004 and 2005.

Ways to Watch


Watch Now!

Over 500 videos of our weekly seminar and symposia keynotes are available on our YouTube Channel. Also check out Spaf's YouTube Channel. Subscribe today!