An approach for classifying internet worms based on temporal behaviors and packet flows

Authors:
Minsoo Lee;Taeshik Shon;Kyuhyung Cho;Manhyun Chung;Jungtaek Seo;Jongsub Moon
Affiliations:
Center for Information Security Technologies , Korea University, Seoul, Korea;IP Lab, TN R&D Center, Samsung Electronics, Gyeonggido, Korea;Center for Information Security Technologies , Korea University, Seoul, Korea;Center for Information Security Technologies , Korea University, Seoul, Korea;National Security Research Institute, Daejeon, Korea;Center for Information Security Technologies , Korea University, Seoul, Korea
Venue:
ICIC'07 Proceedings of the intelligent computing 3rd international conference on Advanced intelligent computing theories and applications
Year:
2007

Citing 10
Cited 0

How to Own the Internet in Your Spare Time

Proceedings of the 11th USENIX Security Symposium
A Mixed Abstraction Level Simulation Model of Large-Scale Internet Worm Infestations

MASCOTS '02 Proceedings of the 10th IEEE International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunications Systems
Inside the Slammer Worm

IEEE Security and Privacy
Recent worms: a survey and trends

Proceedings of the 2003 ACM workshop on Rapid malcode
A taxonomy of computer worms

Proceedings of the 2003 ACM workshop on Rapid malcode
Experiences with worm propagation simulations

Proceedings of the 2003 ACM workshop on Rapid malcode
Worm propagation modeling and analysis under dynamic quarantine defense

Proceedings of the 2003 ACM workshop on Rapid malcode
Modeling the effects of timing parameters on virus propagation

Proceedings of the 2003 ACM workshop on Rapid malcode
Simulating Internet Worms

MASCOTS '04 Proceedings of the The IEEE Computer Society's 12th Annual International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunications Systems
The Art of Computer Virus Research and Defense

The Art of Computer Virus Research and Defense

Quantified Score

Hi-index	0.00

Visualization

Abstract

With the growth of critical worm threats, many researchers have studied worm-related topics and internet anomalies. The researches are mainly concentrated on worm propagation and detection more than the fundamental characteristics of worms. It is very important to know worms' characteristics because the characteristics provide basic resource for worm prevention. Unfortunately, this kind of research cases are very few until now. Moreover the existing researches only focus on understanding the function structure of the worm propagation or the taxonomy of the worm according to a sequence of worm attacks. Thus, in this paper, we try to confirm the formalized pattern of the worm action from the existing researches and analyze the report of the anti-virus companies. Finally, we define the formalized actions based on temporal behaviors and worm packet flows, and we apply our proposed method for the new worm classification.