A Novel Worm Detection Model Based on Host Packet Behavior Ranking

Authors:
Fengtao Xiao;Huaping Hu;Bo Liu;Xin Chen
Affiliations:
School of Computer Science, National University of Defense Technology, Chang Sha, 410073;School of Computer Science, National University of Defense Technology, Chang Sha, 410073 and The 61070 Army Fu Zhou, Fu Jian, China 350003;School of Computer Science, National University of Defense Technology, Chang Sha, 410073;School of Computer Science, National University of Defense Technology, Chang Sha, 410073
Venue:
OTM '08 Proceedings of the OTM 2008 Confederated International Conferences, CoopIS, DOA, GADA, IS, and ODBASE 2008. Part II on On the Move to Meaningful Internet Systems
Year:
2008

Citing 13
Cited 0

Bro: a system for detecting network intruders in real-time

Computer Networks: The International Journal of Computer and Telecommunications Networking
Inside the Slammer Worm

IEEE Security and Privacy
Monitoring and early warning for internet worms

Proceedings of the 10th ACM conference on Computer and communications security
The top speed of flash worms

Proceedings of the 2004 ACM workshop on Rapid malcode
Snort - Lightweight Intrusion Detection for Networks

LISA '99 Proceedings of the 13th USENIX conference on System administration
Polygraph: Automatically Generating Signatures for Polymorphic Worms

SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Host Behaviour Based Early Detection of Worm Outbreaks in Internet Backbones

WETICE '05 Proceedings of the 14th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprise
Entropy Based Worm and Anomaly Detection in Fast IP Networks

WETICE '05 Proceedings of the 14th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprise
SweetBait: Zero-hour worm detection and containment using low- and high-interaction honeypots

Computer Networks: The International Journal of Computer and Telecommunications Networking
Automated worm fingerprinting

OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
Autograph: toward automated, distributed worm signature detection

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Fast Worm Containment Using Feedback Control

IEEE Transactions on Dependable and Secure Computing
ASG Automated Signature Generation for Worm-Like P2P Traffic Patterns

WAIM '08 Proceedings of the 2008 The Ninth International Conference on Web-Age Information Management

Quantified Score

Hi-index	0.00

Visualization

Abstract

Traditional behavior-based worm detection can't eliminate the influence of the worm-like P2P traffic effectively, as well as detect slow worms. To try to address these problems, this paper first presents a user habit model to describe the factors which influent the generation of network traffic, then a design of HPBRWD (Host Packet Behavior Ranking Based Worm detection) and some key issues about it are introduced. This paper has three contributions to the worm detection: 1) presenting a hierarchical user habit model; 2) using normal software and time profile to eliminate the worm-like P2P traffic and accelerate the detection of worms; 3) presenting HPBRWD to effectively detect worms. Experiments results show that HPBRWD is effective to detect worms.