Anomaly detection for Internet worms

Yousof Al-Hammadi, Christopher Leckie

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

9 Scopus citations

Abstract

Internet worms have become a major threat to the Internet due to their ability to rapidly compromise large numbers of computers. In response to this threat, there is a growing demand for effective techniques to detect the presence of worms and to reduce the worms' spread. Furthermore, existing approaches for anomaly detection of new worms suffer from scalability problems. In this paper, we present an approach for detecting worms based on similar patterns of connection activity. We then investigate how to improve the computational efficiency of worm detection by presenting a Greedy algorithm, which minimizes the amount of traffic processing needed to detect worms, thus increasing the scalability of the system. Our evaluation shows that the Greedy algorithm not only achieved high detection accuracy and reduced the amount of processing time to detect worms, but also achieved reasonable worm traffic detection in the early stages of an outbreak.

Original language: British English
Title of host publication: 2005 9th IFIP/IEEE International Symposium on Integrated Network Management, IM 2005
Pages: 133-146
Number of pages: 14
State: Published - 2005
Event: 2005 9th IFIP/IEEE International Symposium on Integrated Network Management, IM 2005 - Nice, France
Duration: 15 May 2005 → 19 May 2005

Publication series

Name: 2005 9th IFIP/IEEE International Symposium on Integrated Network Management, IM 2005
Volume: 2005

Conference

Conference: 2005 9th IFIP/IEEE International Symposium on Integrated Network Management, IM 2005
Country/Territory: France
City: Nice
Period: 15/05/05 → 19/05/05

Keywords

  • Anomaly detection
  • Internet worms
  • Network intrusion detection
  • Security
