Efficient Method for Detecting Worm Virus based Bloom-like Connection Behavior
Abstract
The effort required to detect worm viruses, which threaten the reliability and stability of network resources, continues to advance, demanding increasingly sophisticated resources. Pattern-based worm virus detection systems use detection methods that focus on pattern analysis for specific worm viruses. When a different attack method is used, or a new attack occurs, current systems suffer from the problem of being unable to detect the worm virus quickly. This paper proposes a worm virus detection system that focuses on a common feature of worm viruses, which attempt many connections in a scanning process. The central contribution of the proposed system is to decrease the response time to an attack.
Similar resources
A Traffic Signature-based Algorithm for Detecting Scanning Internet Worms
Internet worms that spread autonomously from one host to another cause major problems in today’s networks. On 25th January 2003, “Slammer” was released into the internet and after ten minutes the worm infected more than 90% of vulnerable hosts. Worms cause damage to the network by consuming its resources such as bandwidth. In this paper, we propose a method for detecting traffic signature for un...
Behavior-Based Worm Detectors Compared
Many worm detectors have been proposed and are being deployed, but the literature does not clearly indicate which one is the best. New worms such as IKEE.B (also known as the iPhone worm) continue to present new challenges to worm detection, further raising the question of how effective our worm defenses are. In this paper, we identify six behavior-based worm detection algorithms as being poten...
Limiting Self-propagating Malware Based on Connection Failure Behavior
Self-propagating malware (e.g., an Internet worm) exploits security loopholes in software to infect servers and then use them to scan the Internet for more vulnerable servers. While the mechanisms of worm infection and their propagation models are well understood, defense against worms remains an open problem. One branch of defense research investigates the behavioral difference between worminf...
SWORD: Self-propagating Worm Observation and Rapid Detection
As the launching of a worm can have disastrous effects on the Internet in just minutes, it is essential to automatically and reliably detect worms in their early stages. In contrast to content-based approaches, in this paper we study the feasibility of a behavior-based solution through our SWORD framework. As SWORD does not inspect the payload of traffic, it is resilient against polymorphic wor...
Limiting Self-Propagating Malware Based on Connection Failure Behavior through Hyper-Compact Estimators
Self-propagating malware (e.g., an Internet worm) exploits security loopholes in software to infect servers and then use them to scan the Internet for more vulnerable servers. While the mechanisms of worm infection and their propagation models are well understood, defense against worms remains an open problem. One branch of defense research investigates the behavioral difference between worm-in...