Detecting Internet worms at early stage

Author

Chen, Shigang ; Ranka, Sanjay

Author_Institution

Dept. of Comput. & Inf. Sci. & Eng., Univ. of Florida, Gainesville, FL, USA

Volume

23

Issue

10

fYear

2005

Firstpage

2003

Lastpage

2012

Abstract

Managing the security of enterprise networks has emerged to be a critical problem in the era of Internet economy. Arising as a leading threat, worms repetitively caused enormous damage to the Internet community during the past years. A new security service that monitors the ongoing worm activities on the Internet will greatly contribute to the security management of modern enterprise networks. This paper proposes an Internet-worm early warning system that automatically detects concerted scan activities and derives possible signatures of worm attacks. Its goal is to issue warning at the early stage of worm propagation and to provide necessary information for security analysts to control the damage. It reduces false positives by filtering out false scan sources. The system is locally deployable or can be codeployed amongst a group of enterprise networks. We provide both analytical and simulation studies on the responsiveness of this early warning system.

Keywords

Internet; authorisation; business communication; computer viruses; information filtering; telecommunication security; Internet-worm early warning system; automatic intrusion detection; concerted scan activity; enterprise network; false scan source filtering; security management; worm attack; Alarm systems; Automatic control; Computer worms; IP networks; Information analysis; Information filtering; Information filters; Information security; Protocols; Web and internet services; Early warning system; Internet worm; enterprise security management;

fLanguage

English

Journal_Title

Selected Areas in Communications, IEEE Journal on

Publisher

ieee

ISSN

0733-8716

Type

jour

DOI

10.1109/JSAC.2005.854124

Filename

1514529