Java based Simulator to Detect Zero-Day Silent Worms using ACTM

There are different types of computer worms like email worms, IRC worms, network worms, e.t.c. silent worms are network worms which have a hit-list of vulnerable hosts and limits the number of infection activities of each copy to suppress anomaly network activities of each infected host. There are different techniques which use aggressive nature of network worms as a clue to detect network worms but these techniques aren´t effective against silent worms. Hence, anomaly connection tree method (ACTM) is used to detect silent worms. ACTM uses a worm propagation behaviour expressed as tree-like structures composed of infection connections as edges to detect silent worms. Then, by detecting connections composed of anomaly connections, ACTM detects the worms before 10% of the hosts are infected. Comparison of ACTM with other method like AC counting method is done to show that the tree structure help detect the worm faster than just considering the anomaly connections making the detection rate faster. The simulator explained in this paper have been designed and implemented using Java.