Title :
Efficient content-based detection of zero-day worms
Author :
Akritidis, P. ; Anagnostakis, K. ; Markatos, E.P.
Author_Institution :
Inst. of Comput. Sci., Hellas Found. for Res. & Technol., Greece
Abstract :
Recent cybersecurity incidents suggest that Internet worms can spread so fast that in-time human-mediated reaction is not possible, and therefore the initial response to cyberattacks has to be automated. The first step towards combating new, unknown worms is to be able to detect and identify them in the first stages of their spread. In this paper, we present a novel method for detecting new worms based on identifying similar packet contents directed to multiple destination hosts. We evaluate our method using real traffic traces that contain real worms. Our results suggest that our approach is able to identify novel worms while generating a false-alarm rate as low as zero percent.
Keywords :
Internet; invasive software; telecommunication security; telecommunication traffic; Internet worms; content-based detection; cybersecurity incidents; destination hosts; false alarms; in-time human-mediated reaction; real traffic traces; zero-day worms; Computer crime; Computer science; Computer worms; Detection algorithms; IP networks; Internet; Intrusion detection; Laboratories; Payloads; Telecommunication traffic;
Conference_Titel :
Communications, 2005. ICC 2005. 2005 IEEE International Conference on
Print_ISBN :
0-7803-8938-7
DOI :
10.1109/ICC.2005.1494469