On the Effectiveness of multi-similarity for early detection of worms

On the Effectiveness of multi-similarity for early detection of worms

In this paper, an effective algorithm for early detection of worms is proposed. The early detection algorithm based on multi-similarity integrates the worms' behavior attributes with their traffic distribution and detects abnormal behavior by their similarity distribution change of some attribu...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Hui He, Mingzeng Hu, Hongli Zhang, Zhenjiang Tang
Format: Tagungsbericht
Sprache:eng
Schlagworte:
Change detection algorithms
Computer science
Computer worms
Detection algorithms
Explosives
Helium
Internet
IP networks
Large-scale systems
Stochastic processes
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:In this paper, an effective algorithm for early detection of worms is proposed. The early detection algorithm based on multi-similarity integrates the worms' behavior attributes with their traffic distribution and detects abnormal behavior by their similarity distribution change of some attributes. Three groups of experiments are conducted to evaluate the effectiveness of the algorithm. The results show that the multi-similarity owning the specialty of higher true positive, lower false positive and false negative. It can be conclude that the algorithm can detect the worm attack ahead of its overspreading on the large-scale network.
ISSN:2379-5352
DOI:10.1109/PDCAT.2005.258