• DocumentCode
    1919134
  • Title
    Performance comparison of four anomaly detectors in detecting self-propagating malware on endpoints
  • Author
    Ashfaq, Ayesha Binte ; Khayam, Syed Ali
  • Author_Institution
    NUST Inst. of Inf. Technol., Nat. Univ. of Sci. & Technol., Rawalpindi
  • fYear
    2008
  • fDate
    23-24 April 2008
  • Firstpage
    1
  • Lastpage
    9
  • Abstract
    Malware detection has been an active area of research over the last few years. Numerous malware detection techniques have been proposed to combat this rapidly evolving threat. Notable among these detection techniques are rate limiting [10], [11], sample entropy based malware detection [8], maximum entropy estimation [9] and the TRW algorithm, which employs sequential hypothesis testing [4]. Most of these techniques (except rate limiting) have been designed and tested at the network periphery (e.g., a gateway router). Recently, network endpoints comprising home and office computers have become the most prevalent and effective launch pads and carriers of malware infections. Moreover, endpoints represent the last (and sometimes the only effective) line of defense for detecting malware and containing its spread. Therefore, it is important that the performance of contemporary anomaly detectors be evaluated on endpoints and under both high-rate and low-rate worm propagation attacks. This paper compares the above four anomaly detection techniques using real endpoint and worm traffic data collected on operational endpoints.
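    The following Python sketch is an added illustration, not the authors' implementation and not their traffic dataset, of why the abstract's distinction between high-rate and low-rate worm propagation matters for the detectors it names. It implements the TRW sequential hypothesis test in the standard Jung et al. formulation (assumed parameters: benign connection success probability theta0 = 0.8, scanner success probability theta1 = 0.2, false positive target alpha = 0.01, detection target beta = 0.99) next to a deliberately simplified rate limiter that flags a host contacting more than a threshold of previously unseen destinations within a sliding time window (assumed window and threshold). The connection log is constructed inline: one fast-scanning host, one slow-scanning host, and one benign host.

```python
import math
from collections import defaultdict

# Constructed endpoint connection log for this example: (time_s, src, dst, connect_succeeded).
# Made up to exercise the detectors; not the paper's data.
EVENTS = [
    # 10.0.0.5: fast scanner, six failed connections to fresh targets within half a second
    (0.0, "10.0.0.5", "10.0.1.1", False), (0.1, "10.0.0.5", "10.0.1.2", False),
    (0.2, "10.0.0.5", "10.0.1.3", False), (0.3, "10.0.0.5", "10.0.1.4", False),
    (0.4, "10.0.0.5", "10.0.1.5", False), (0.5, "10.0.0.5", "10.0.1.6", False),
    # 10.0.0.7: slow scanner, one failed connection to a fresh target every 30 s
    (0.0, "10.0.0.7", "10.0.2.1", False), (30.0, "10.0.0.7", "10.0.2.2", False),
    (60.0, "10.0.0.7", "10.0.2.3", False), (90.0, "10.0.0.7", "10.0.2.4", False),
    (120.0, "10.0.0.7", "10.0.2.5", False), (150.0, "10.0.0.7", "10.0.2.6", False),
    # 10.0.0.9: benign host, bursty but successful connections to a few repeated peers
    (0.0, "10.0.0.9", "10.0.3.1", True), (0.2, "10.0.0.9", "10.0.3.2", True),
    (0.4, "10.0.0.9", "10.0.3.1", True), (0.6, "10.0.0.9", "10.0.3.3", True),
    (0.8, "10.0.0.9", "10.0.3.2", True),
]


def trw_verdict(outcomes, theta0=0.8, theta1=0.2, alpha=0.01, beta=0.99):
    """TRW sequential hypothesis test over one source's connection outcomes.

    H0: benign source (connection succeeds with probability theta0).
    H1: scanning source (connection succeeds with probability theta1).
    The log-likelihood ratio is updated per observation and compared with the
    Wald thresholds derived from alpha and beta. Returns (verdict, observations used).
    Parameter defaults are the assumed Jung et al. values, not the paper's settings.
    """
    upper = math.log(beta / alpha)               # cross upward: accept H1 (scanner)
    lower = math.log((1 - beta) / (1 - alpha))   # cross downward: accept H0 (benign)
    step_success = math.log(theta1 / theta0)                 # negative: evidence for benign
    step_failure = math.log((1 - theta1) / (1 - theta0))     # positive: evidence for scanner
    llr = 0.0
    for n, succeeded in enumerate(outcomes, 1):
        llr += step_success if succeeded else step_failure
        if llr >= upper:
            return "scanner", n
        if llr <= lower:
            return "benign", n
    return "undecided", len(outcomes)


def trw_alerts(events, **params):
    """Run TRW independently per source over the events in time order."""
    by_src = defaultdict(list)
    for _t, src, _dst, succeeded in sorted(events):
        by_src[src].append(succeeded)
    return {src: trw_verdict(outs, **params) for src, outs in by_src.items()}


def rate_limit_alerts(events, window_s=1.0, max_new_dsts=5):
    """Simplified rate limiter (assumed thresholds): flag a source the first time it
    contacts more than max_new_dsts previously unseen destinations within any
    window_s-second sliding window. Returns {src: time_of_first_alert}."""
    seen = defaultdict(set)            # src -> destinations already contacted
    recent_new = defaultdict(list)     # src -> timestamps of recent first contacts
    flagged = {}
    for t, src, dst, _succeeded in sorted(events):
        if dst in seen[src]:
            continue                   # repeat contacts never count against the rate
        seen[src].add(dst)
        times = recent_new[src]
        times.append(t)
        while times and times[0] < t - window_s:
            times.pop(0)               # drop first contacts that fell out of the window
        if len(times) > max_new_dsts and src not in flagged:
            flagged[src] = t
    return flagged


if __name__ == "__main__":
    for src, (verdict, n) in sorted(trw_alerts(EVENTS).items()):
        print(f"TRW  {src}: {verdict} after {n} connection attempts")
    rate = rate_limit_alerts(EVENTS)
    for src in sorted({e[1] for e in EVENTS}):
        print(f"RATE {src}: {'flagged at t=%.1fs' % rate[src] if src in rate else 'not flagged'}")
```

With these inputs the rate limiter catches only the fast scanner, while TRW flags both scanners after four failed connections regardless of how far apart those failures are spaced, and clears the benign host after four successes. That rate independence is exactly the property the abstract's low-rate attack scenario probes; the trade-off is that TRW needs per-source connection-outcome state, which an endpoint can supply but which is costlier to keep at a gateway.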
  • Keywords
    computer networks; invasive software; maximum entropy methods; statistical testing; telecommunication security; telecommunication traffic; TRW algorithm; anomaly detector performance comparison; entropy based malware detection; maximum entropy estimation; network endpoints; rate limiting technique; self-propagating malware detection; sequential hypothesis testing; worm traffic; Computer networks; Computer worms; Detectors; Entropy; Home computing; Information technology; Operating systems; Performance evaluation; Sequential analysis; Telecommunication traffic;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Biometrics and Security Technologies, 2008. ISBAST 2008. International Symposium on
  • Conference_Location
    Islamabad
  • Print_ISBN
    978-1-4244-2427-6
  • Type
    conf
  • DOI
    10.1109/ISBAST.2008.4547650
  • Filename
    4547650