An Automated Signature-Based Approach against Polymorphic Internet Worms
IEEE Transactions on Parallel and Distributed Systems
On random-inspection-based intrusion detection
RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
Worms continue to be a leading security threat on the Internet. This paper analyzes several of the more widespread worms and develops a general life-cycle for them. The life-cycle, from the point of view of the victim host, consists of four stages: target selection, exploitation, infection, and propagation. While not all worms fall into this framework perfectly, by understanding them in this way, it becomes apparent that the majority of detection techniques used today focus on the first three stages. This paper presents a technique that is used in the fourth stage to detect the class of worms that use a horizontal scan to propagate. An argument is also made that detection in the fourth stage is a viable, but under-used technique.