DocumentCode
1919134
Title
Performance comparison of four anomaly detectors in detecting self-propagating malware on endpoints
Author
Ashfaq, Ayesha Binte ; Khayam, Syed Ali
Author_Institution
NUST Inst. of Inf. Technol., Nat. Univ. of Sci. & Technol., Rawalpindi
fYear
2008
fDate
23-24 April 2008
Firstpage
1
Lastpage
9
Abstract
Malware detection has been an active area of research over the last few years. Numerous malware detection techniques have been proposed to combat this rapidly evolving threat. Notable among these detection techniques are rate limiting [10], [11], sample entropy based malware detection [8], maximum entropy estimation [9] and the TRW algorithm that employs sequential hypothesis testing [4]. Most of these techniques (except rate limiting) have been designed and tested on the network periphery (e.g., gateway routers). Recently, network endpoints comprising home and office computers have become the most prevalent and effective launch pads and carriers of malware infections. Moreover, endpoints represent the last (and sometimes the only effective) line of defense against the spread and detection of malware. Therefore, it is important that contemporary anomaly detectors' performance be evaluated on endpoints and under both high-rate and low-rate worm propagation attacks. This paper compares the above four anomaly detection techniques using real endpoint and worm traffic data collected on operational endpoints.
Keywords
computer networks; invasive software; maximum entropy methods; statistical testing; telecommunication security; telecommunication traffic; TRW algorithm; anomaly detector performance comparison; entropy based malware detection; maximum entropy estimation; network endpoints; rate limiting technique; self-propagating malware detection; sequential hypothesis testing; worm traffic; Computer networks; Computer worms; Detectors; Entropy; Home computing; Information technology; Operating systems; Performance evaluation; Sequential analysis; Telecommunication traffic;
fLanguage
English
Publisher
ieee
Conference_Titel
Biometrics and Security Technologies, 2008. ISBAST 2008. International Symposium on
Conference_Location
Islamabad
Print_ISBN
978-1-4244-2427-6
Type
conf
DOI
10.1109/ISBAST.2008.4547650
Filename
4547650