A Distributed Framework for the Detection of New Worm-Related Malware

Authors:
Boris Rozenberg;Ehud Gudes;Yuval Elovici
Affiliations:
Deutche Telekom Laboratories at Ben Gurion University, Beer Sheva, Israel 84105;Deutche Telekom Laboratories at Ben Gurion University, Beer Sheva, Israel 84105;Deutche Telekom Laboratories at Ben Gurion University, Beer Sheva, Israel 84105
Venue:
EuroISI '08 Proceedings of the 1st European Conference on Intelligence and Security Informatics
Year:
2008

Citing 10
Cited 2

On power-law relationships of the Internet topology

Proceedings of the conference on Applications, technologies, architectures, and protocols for computer communication
How to Own the Internet in Your Spare Time

Proceedings of the 11th USENIX Security Symposium
A Sense of Self for Unix Processes

SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
Inside the Slammer Worm

IEEE Security and Privacy
Monitoring and early warning for internet worms

Proceedings of the 10th ACM conference on Computer and communications security
Polygraph: Automatically Generating Signatures for Polymorphic Worms

SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
On the performance of internet worm scanning strategies

Performance Evaluation
Automated worm fingerprinting

OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
Autograph: toward automated, distributed worm signature detection

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Modeling and Simulation Study of the Propagation and Defense of Internet E-mail Worms

IEEE Transactions on Dependable and Secure Computing

SISR --- A New Model for Epidemic Spreading of Electronic Threats

ISC '09 Proceedings of the 12th International Conference on Information Security
Toward early warning against Internet worms based on critical-sized networks

Security and Communication Networks

Quantified Score

Hi-index	0.00

Visualization

Abstract

Detection and containment of unknown malware are challenging tasks. In this research we propose an innovative distributed framework for detection and containment of new worm-related malware. The framework consists of distributed agents that are installed at several client computers and a Centralized Decision Maker module (CDM) that interacts with the agents. The new detection process is performed in two phases. In the first phase agents detect potential malware on local machines and send their detection results to the CDM. In the second phase, the CDM builds a propagation graph for every potential malware. These propagation graphs are compared to known malware propagation characteristics in order to determine whether the potential malware is indeed a malware. All the agents are notified with a final decision in order to start the containment process. The new framework was evaluated and the results are promising.