DocumentCode
2332133
Title
PTBBWD: A Fast Process Traffic Behavior Based Worm Detection Algorithm
Author
Xiao Fengtao ; Hu Huaping ; Liu Bo ; Chen Xin
Author_Institution
Sch. of Comput. Sci., Nat. Univ. of Defense Technol., Changsha
fYear
2008
fDate
20-20 Nov. 2008
Firstpage
181
Lastpage
186
Abstract
An algorithm named PTBBWD is presented to detect worms. It is process traffic behavior based and has considered three important behaviors: total amount of source ports in wormlike traffic, changing frequency of source ports in wormlike process traffic and the wormlike traffic proportion of the total process traffic. Unlike similar work before, PTBBWD checks the frequency and the total amount of source ports only when a process is sending wormlike traffic. Experiments using applications in the wild show that PTBBWD can detect worms quickly and correctly with small false positives.
Keywords
invasive software; frequency checking; process traffic behavior based worm detection algorithm; source ports; Computer network management; Computer worms; Detection algorithms; Frequency; Information management; Information technology; Internet; Seminars; Technology management; Telecommunication traffic;
fLanguage
English
Publisher
ieee
Conference_Titel
Future Information Technology and Management Engineering, 2008. FITME '08. International Seminar on
Conference_Location
Leicestershire, United Kingdom
Print_ISBN
978-0-7695-3480-0
Type
conf
DOI
10.1109/FITME.2008.150
Filename
4746470
Link To Document