Detecting Worm Propagation Using Traffic Concentration Analysis and Inductive Learning
نویسندگان
چکیده
As a vast number of services have been flooding into the Internet, it is more likely for the Internet resources to be exposed to various hacking activities such as Code Red and SQL Slammer worm. Since various worms quickly spread over the Internet using self-propagation mechanism, it is crucial to detect worm propagation and protect them for secure network infrastructure. In this paper, we propose a mechanism to detect worm propagation using the computation of entropy of network traffic and the compilation of network traffic. In experiments, we tested our framework in simulated network settings and could successfully detect worm propagation.
منابع مشابه
Stochastic Model for Capturing the Probabilistic Nature of Malware Propagation on an Arbitrary Topology
Today’s computer world the Active worm’s are the major security issues in the Internet. This is because of the ability of active worms to execute in an automated fashion as they continuously attack the computers on the Internet. Here we find a new class of active worms, called as Camouflaging Worm (C-Worm). The C-Worm is different from regular worms because of its ability to change its scan tra...
متن کاملModeling and Detection of Camouflaging Worm using IP Traceback
Active worms pose major security threats to the Internet. This is due to the ability of active worms to propagate in an automated fashion as they continuously compromise computers on the Internet. Active worms evolve during their propagation, and thus, pose great challenges to defend against them. A new class of active worms, referred to as Camouflaging Worm (C-Worm in short). The C-Worm is dif...
متن کاملModeling and Detection of Camouflaging Worm
Active worms pose major security threats to the Internet. This is due to the ability of active worms to propagate in an automated fashion as they continuously compromise computers on the Internet. Active worms evolve during their propagation and thus pose great challenges to defend against them. In this paper, we investigate a new class of active worms, referred to as Camouflaging Worm (C-Worm ...
متن کاملA Novel Approach of Detecting the Camouflaging Worm
Active worms major security threats to the Internet. This is due to the ability of active worms to propagate in an automated fashion as they continuously compromise computers on the Internet. Active worms evolve during their propagation, and thus, pose great challenges to defend against them. In this paper, we investigate a new class of active worms, referred to as Camouflaging Worm (C-Worm in ...
متن کاملMultiscale Modeling and Simulation of Worm Effects on the Internet Routing Infrastructure
An unexpected consequence of recent worm attacks on the Internet was that the routing infrastructure showed evidence of increased BGP announcement churn. As worm propagation dynamics are a function of the topology of a very large-scale network, a faithful simulation model must capture salient features at a variety of resolution scales. This paper describes our efforts to model worm propagation ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2004