Research Article Open Access

Behaviour Based Worm Detection and Signature Automation

Mohammed Anbar, Selvakumar Manickam, Al-Samarraie Hosam, Kok-Soon Chai, Mohmoud Baklizi and Ammar Almomani

Abstract

Problem statement: A worm is a malicious piece of code that self-propagates, often via network connections, to exploit security flaws in computers connected through the network. In general, worms do not need any human intervention to propagate and are considered a real threat to network assets and the properties of organizations. An Intrusion Detection Systems (IDSs) are employed to detect the presence of the worms in the network. Approach: This study proposed a new behaviourbased worm detection and signature automation approach that consists of scanning characteristics to find vulnerable hosts and indicate the correlation between an infected host and potential destination hosts. Results: This approach can be distinguish between network scanning (random and sequential TCP and UDP worm scanning) triggered by infected and non-infected hosts. In addition, the ability to detect the worms based on its behaviours. Conclusion: Identifying network worms at an early stage can increase the protection of network services and vulnerable hosts.

Journal of Computer Science
Volume 7 No. 11, 2011, 1724-1728

DOI: https://doi.org/10.3844/jcssp.2011.1724.1728

Submitted On: 12 July 2011 Published On: 6 September 2011

How to Cite: Anbar, M., Manickam, S., Hosam, A., Chai, K., Baklizi, M. & Almomani, A. (2011). Behaviour Based Worm Detection and Signature Automation. Journal of Computer Science, 7(11), 1724-1728. https://doi.org/10.3844/jcssp.2011.1724.1728

  • 3,303 Views
  • 2,833 Downloads
  • 1 Citations

Download

Keywords

  • Network scanning
  • worm detection
  • Intrusion Detection Systems (IDSs)
  • Artificial Neural Networks (ANNs)
  • Destination-Source Correlation (DSC)