Sophisticated industrial worms such as Stuxnet, Flame and Duqu pose a serious threat to industrial networks. Most existing detection methods rely on content patterns or aggressive activity as evidence of a worm, which makes them ineffective against worms whose patterns are not yet known and that do not behave aggressively. To detect such worms, we propose the Cloud-based Behavior Similarity Transmission Method (CBSTM). CBSTM is a cloud-based method that exploits the fundamental property that a worm propagates from host to host. It monitors behaviors on each host in the industrial network. When the same behaviors propagate among hosts and meet given criteria, the corresponding hosts are considered infected by a worm. Once a worm is detected, the discovered behavior sequence is used as that worm's signature, enabling instant detection afterwards. Because CBSTM does not require specific characteristics of a worm in advance, it can be applied generally to detecting any worm in industrial networks. An evaluation on detecting Stuxnet confirms the effectiveness of CBSTM.
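The detection idea described above, as an added illustration that is not the paper's code: hosts are grouped by identical behavior sequence, a group is only flagged when its hosts form a propagation chain (each later host received a connection from an already-affected host before its own onset), and the flagged sequence then serves as a signature for later hosts. The telemetry, behavior names, and the chain criterion are constructed assumptions, since the paper's abstract does not specify them.

```python
from collections import defaultdict

# Constructed sample telemetry (assumption, not from the paper): per-host
# behavior events as (timestamp, behavior) and connections as (timestamp, src, dst).
HOST_EVENTS = {
    "plc-eng-01": [(100, "drop:driver.sys"), (101, "load:unsigned_driver"),
                   (102, "scan:smb_shares"), (103, "copy:self_to_share")],
    "plc-eng-02": [(200, "drop:driver.sys"), (201, "load:unsigned_driver"),
                   (202, "scan:smb_shares"), (203, "copy:self_to_share")],
    "hmi-03":     [(300, "drop:driver.sys"), (301, "load:unsigned_driver"),
                   (302, "scan:smb_shares"), (303, "copy:self_to_share")],
    # Two admin hosts share a benign sequence but it did not propagate between them.
    "hist-04":    [(150, "backup:db"), (160, "update:patch")],
    "eng-05":     [(120, "backup:db"), (130, "update:patch")],
}
CONNECTIONS = [(150, "plc-eng-01", "plc-eng-02"), (250, "plc-eng-02", "hmi-03"),
               (140, "hist-04", "eng-05")]


def sequence_of(events):
    """Ordered tuple of behaviors observed on one host."""
    return tuple(b for _, b in sorted(events))


def find_propagating_sequences(host_events, connections, min_hosts=2):
    """Return {behavior_sequence: [hosts in infection order]} for sequences that
    occur on >= min_hosts hosts AND spread along observed connections."""
    groups = defaultdict(list)
    for host, events in host_events.items():
        groups[sequence_of(events)].append((min(t for t, _ in events), host))
    signatures = {}
    for seq, members in groups.items():
        if len(members) < min_hosts:
            continue
        members.sort()                      # earliest onset first
        chain = [members[0][1]]
        for onset, host in members[1:]:
            # Same behavior is only "transmitted" if an already-affected host
            # connected to this one before the behavior started here.
            if any(src in chain and dst == host and t < onset
                   for t, src, dst in connections):
                chain.append(host)
        if len(chain) >= min_hosts:
            signatures[seq] = chain
    return signatures


def matches_signature(events, signature):
    """Instant detection afterwards: is the learned sequence an in-order
    subsequence of a host's behavior stream (other events may interleave)?"""
    stream = iter(sequence_of(events))
    return all(b in stream for b in signature)
```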