Worm detection and auto-signature extraction in large scale network

  • Authors:
  • Xin Yi; Fangbingxing Yunxiaochun

  • Affiliations:
  • Research Center of Computer Network and Information Security Technology, Harbin Institute of Technology, Harbin, China; Research Center of Computer Network and Information Security Technology, Harbin Institute of Technology, Harbin, China

  • Venue:
  • NN'05 Proceedings of the 6th WSEAS international conference on Neural networks
  • Year:
  • 2005

Abstract

Nowadays, worms have become one of the leading threats to information security and service availability. Current operational practices have not been able to manage the threat effectively. It is therefore very important to give early warning of worm outbreaks in large-scale networks and to extract the network signature automatically. Based on TCP/IP flows, the paper introduces a novel methodology to analyze the feature attributes of network traffic flow, including real-time data detection and traffic models. We construct an auto-signature extraction algorithm integrated with data preprocessing. We deployed them in our campus network (more than 20000 computers with 400M/s). It is shown that the worms are detected with more efficiency and the worm signature is extracted accurately.