On the Performance of SWORD in Detecting Zero-Day-Worm-Infected Hosts
Abstract
Once a host is infected by an Internet worm, prompt action must be taken before that host does more harm to its local network and the rest of the Internet. It is therefore critical to quickly detect that a worm has infected a host. In this paper, we enhance our SWORD system to allow for the detection of infected hosts and evaluate its performance. This enhanced version of SWORD inherits the advantages of the original SWORD—it does not rely on inspecting traffic payloads to search for worm byte patterns or setting up a honeypot to lure worm traffic. Furthermore, while acting as a host-level detection system, it runs at a network’s gateway and stays transparent to individual hosts. We show that our enhanced SWORD system is able to quickly and accurately detect if a host is infected by a zero-day worm. Furthermore, the detection is shown to be effective against worms of different types and speeds, including polymorphic worms.
Similar resources
Enhancing SWORD to Detect Zero-Day-Worm-Infected Hosts
Once a host is infected by an Internet worm, prompt action must be taken before that host does more harm to its local network and the rest of the Internet. It is therefore critical to quickly detect that a worm has infected a host. In this paper, we enhance our SWORD system to allow for the detection of infected hosts and evaluate its performance. This enhanced version of SWORD inherits the adv...
SWORD: Self-propagating Worm Observation and Rapid Detection
As the launching of a worm can have disastrous effects on the Internet in just minutes, it is essential to automatically and reliably detect worms in their early stages. In contrast to content-based approaches, in this paper we study the feasibility of a behavior-based solution through our SWORD framework. As SWORD does not inspect the payload of traffic, it is resilient against polymorphic wor...
Poster Proposal: Detecting Zero-Day Self-Propagating Internet Worms Based on Their Fundamental Behavior
Self-propagating worms pose a significant threat to the health of the Internet and rapid detection of them is of paramount importance. There are many existing worm detection mechanisms but all suffer from significant drawbacks: signature-based detection techniques are vulnerable to polymorphic worms, honeypots will not detect worms that do not scan random addresses, and systems that require ins...
Prevalence and effects of Lernaea cyprinacea (anchor worm) on the growth, skin histopathology and hematology of Catla catla
The experiment was conducted to evaluate the prevalence of Lernaea cyprinacea and its effects on growth, hematology and skin histopathology of Catla catla in four experimental earthen ponds (P1, P2, P3 and P4) for 90 days. The growth performance, prevalence of Lernaea cyprinacea and ulceration was recorded on a fortnightly basis. The highest final body weight was observed in P4 (413.7 g) follow...
A Model for Computer Worm Detection in a Computer Network
This research presents a novel approach to detecting computer worms in Computer Networks by making use of detection based on the network behavior through the collection of various parameters such as: network latency, throughput, bandwidth, response time, network utilization, packet loss and reliability. Infected hosts were tracked using an algorithm developed. Documentation of network measureme...