Behaviour Based Worm Detection and Signature Automation
Abstract
Problem statement: A worm is a malicious piece of code that self-propagates, often via network connections, to exploit security flaws in computers connected through the network. In general, worms do not need any human intervention to propagate and are considered a real threat to network assets and the properties of organizations. Intrusion Detection Systems (IDSs) are employed to detect the presence of worms in the network. Approach: This study proposed a new behaviour-based worm detection and signature automation approach that consists of scanning characteristics to find vulnerable hosts and indicate the correlation between an infected host and potential destination hosts. Results: This approach can distinguish between network scanning (random and sequential TCP and UDP worm scanning) triggered by infected and non-infected hosts. In addition, it is able to detect worms based on their behaviours. Conclusion: Identifying network worms at an early stage can increase the protection of network services and vulnerable hosts.
DOI: https://doi.org/10.3844/jcssp.2011.1724.1728
Copyright: © 2011 Mohammed Anbar, Selvakumar Manickam, Al-Samarraie Hosam, Kok-Soon Chai, Mohmoud Baklizi and Ammar Almomani. This is an open access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.
Keywords
- Network scanning
- Worm detection
- Intrusion Detection Systems (IDSs)
- Artificial Neural Networks (ANNs)
- Destination-Source Correlation (DSC)