Effective worm detection for various scan techniques
Author(s) - Jianhong Xia, Sarma Vangala, Jiang Wu, Lixin Gao, Kevin Kwiat
Publication year - 2006
Publication title - Journal of Computer Security
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.201
H-Index - 56
eISSN - 1875-8924
pISSN - 0926-227X
DOI - 10.3233/jcs-2006-14403
Subject(s) - computer science, artificial intelligence, computer vision
In recent years, the threats and damages caused by active worms have become more and more serious. In order to reduce the loss caused by fast-spreading active worms, an effective detection mechanism to quickly detect worms is desired. In this paper, we first explore various scan strategies used by worms on finding vulnerable hosts. We show that targeted worms spread much faster than random scan worms. We then present a generic worm detection architecture to monitor malicious worm activities. We propose and evaluate our detection mechanism called Victim Number Based Algorithm. We show that our detection algorithm is effective and able to detect worm events before 2% of vulnerable hosts are infected for most scenarios. Furthermore, in order to reduce false alarms, we propose an integrated approach using multiple parameters as indicators to detect worm events. The results suggest that our integrated approach can differentiate worm attacks from DDoS attacks and benign scans.