Behavior-Based Worm Detectors Compared
Authors
Abstract
Many worm detectors have been proposed and are being deployed, but the literature does not clearly indicate which one is the best. New worms such as IKEE.B (also known as the iPhone worm) continue to present new challenges to worm detection, further raising the question of how effective our worm defenses are. In this paper, we identify six behavior-based worm detection algorithms as being potentially capable of detecting worms such as IKEE.B, and then measure their performance across a variety of environments and worm scanning behaviors, using common parameters and metrics. We show that the underlying network trace used to evaluate worm detectors significantly impacts their measured performance. An environment containing substantial gaming and file sharing traffic can cause the detectors to perform poorly. No single detector stands out as suitable for all situations. For instance, connection failure monitoring is the most effective algorithm in many environments, but it fails badly at detecting topologically aware worms.
Similar references
Aggregating Detectors for New Worm Identification
Internet worms have resulted in considerable disruption of our communications infrastructure [1] and could cause much more [2]. We propose a design for coordinating a widely distributed set of network monitors to detect the emergence of new high-speed worms, develop and validate signatures for their identification, and model their spreading dynamics in real time. The primary new contribution of...
Evaluate The Behavior of PIN infrared detector via COMSOL software
Infrared detectors can be used for a variety of applications such as: using in fiber-optic communications. Conventional technology for IR detectors is using p-i-n structure based on GaAs compound. This paper reports on the design and modeling of an IR detector using a p-i-n GaAs structure. Comsol software is used to simulate the model and the detector is discussed for terminal current, dopant p...
Robust Reactions to Potential Day-Zero Worms Through Cooperation and Validation
Cooperative defensive systems communicate and cooperate in their response to worm attacks, but determine the presence of a worm attack solely on local information. Distributed worm detection and immunization systems track suspicious behavior at multiple cooperating nodes to determine whether a worm attack is in progress. Earlier work has shown that cooperative systems can respond quickly to day...
Model-Based Intrusion Detection System Design and Evaluation
Eighteen years after the original Internet worm of 1988, software still suffers from vulnerabilities that allow attackers to gain illicit access to computer systems. Attackers exploit vulnerabilities to hijack control of a process’ execution as a means to access or alter a system as they desire. In this dissertation, we argue that model-based anomaly detectors can retrofit efficient attack dete...
SWORD: Self-propagating Worm Observation and Rapid Detection
As the launching of a worm can have disastrous effects on the Internet in just minutes, it is essential to automatically and reliably detect worms in their early stages. In contrast to content-based approaches, in this paper we study the feasibility of a behavior-based solution through our SWORD framework. As SWORD does not inspect the payload of traffic, it is resilient against polymorphic wor...