Fast Detection of Worm Infection for Large-Scale Networks

Fast Detection of Worm Infection for Large-Scale Networks

Internet worms constitute a major threat to the security of today’s networks. They work by exploiting vulnerabilities in operating systems and application software that run on end systems. In this paper, an effective algorithm for fast detection of worms is proposed. It integrates the worms’ behavio...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: He, Hui, Hu, Mingzeng, Zhang, Weizhe, Zhang, Hongli
Format: Tagungsbericht
Sprache:eng
Schlagworte:
Applied sciences
Artificial intelligence
Background Traffic
Computer science
control theory
systems
Computer systems and distributed systems. User interface
Condition Judgment
Destination Port
Exact sciences and technology
Fast Detection
Memory and file management (including protection and security)
Memory organisation. Data processing
Software
Software engineering
Traffic Distribution
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Internet worms constitute a major threat to the security of today’s networks. They work by exploiting vulnerabilities in operating systems and application software that run on end systems. In this paper, an effective algorithm for fast detection of worms is proposed. It integrates the worms’ behavior attributes with their traffic distribution and detects abnormal behavior by their similarity distribution and changes in some of their attributes. The process of fast detection based on similarity is discussed in detail including threshold selection, similarity detection algorithm and fine analysis. Simulation experiments show that the detection algorithm can locate the worm infection prior to it spreading over the large-scale network.
ISSN:0302-9743
1611-3349
DOI:10.1007/11739685_70