A worm early detection system based on multi-similarity

  • Authors:
  • Hui He; Ming-Zeng Hu; Wei-Zhe Zhang; Hong-Li Zhang

  • Affiliations:
  • Department of Computer Science and Engineering, Harbin Institute of Technology, Harbin, China; Department of Computer Science and Engineering, Harbin Institute of Technology, Harbin, China; Department of Computer Science and Engineering, Harbin Institute of Technology, Harbin, China; Department of Computer Science and Engineering, Harbin Institute of Technology, Harbin, China

  • Venue:
  • ICCOM'05 Proceedings of the 9th WSEAS International Conference on Communications
  • Year:
  • 2005

Abstract

Internet worms are becoming a major threat to the security of today's large-scale networks. The fast-spreading nature of worms calls for a worm monitoring and early detection system. In this paper, an effective algorithm for early detection of active worms and the corresponding detection system are proposed. The detection engine is the key component of the system. Its core, the early detection algorithm based on multi-similarity, is discussed in detail: it integrates the worms' behavior attributes with their traffic distribution and detects abnormal behavior from changes in the similarity distribution of some attributes. Our simulation experiments show that the system can detect the presence of a worm intrusion when the attacks do not cause sharp changes in network traffic. It can detect a worm attack before the worm spreads widely across a large-scale network.