Self-duplicating, self-propagating malicious codes known as computer worms spread themselves without any human interaction and launch the most destructive attacks against computer networks. At the same time, being fully automated makes their behavior repetitious and predictable. This article presents a survey and comparison of Internet worm detection and containment schemes. We first identify worm characteristics through their behavior, and then classify worm detection algorithms based on the parameters used in the algorithms. Furthermore, we analyze and compare different detection algorithms with reference to the worm characteristics by identifying the type of worms that can and cannot be detected by these schemes. After detecting the existence of worms, the next step is to contain them. This article explores the current methods used to slow down or stop the spread of worms. The locations to implement detection and containment, as well as the scope of each of these systems/methods, are also explored in depth. Finally, this article points out the remaining challenges of worm detection and future research directions.