Title :
A Distributed Detection of Hit-List Worms
Author :
Kawaguchi, Nobutaka ; Shigeno, Hiroshi ; Okada, Kenichi
Author_Institution :
Fac. of Sci. & Technol., Keio Univ., Yokohama
Abstract :
In this paper, we propose d-ACTM/VT, a network based worm detection method that effectively detects hit-list worms. To detect a kind of hit-list worms named Silent worms in a distributed manner, d-ACTM was proposed. d-ACTM detects the existence of worms by detecting tree structures composed of infection connections as edges. Some undetected infection connections, however, can divide the tree structures into small trees and degrade the detection performance. d-ACTM/VT addresses this problem by aggregating the divided trees as a tree named Virtual AC tree in a distributed manner and utilizes it for detection. Simulation result shows d-ACTM/VT reduces the number of infected hosts by 20% compared to d-ACTM.
Keywords :
computer networks; invasive software; telecommunication security; tree data structures; distributed hit-list worm detection; distributed virtual anomaly connection tree method; infection connection detection; network based worm detection method; silent worm; tree structure detection; Classification tree analysis; Communications Society; Degradation; Detectors; Integrated circuit modeling; Intrusion detection; Network servers; Optical wavelength conversion; Tree data structures; Unicast;
Conference_Titel :
Communications, 2008. ICC '08. IEEE International Conference on
Conference_Location :
Beijing
Print_ISBN :
978-1-4244-2075-9
Electronic_ISBN :
978-1-4244-2075-9
DOI :
10.1109/ICC.2008.303
