Title :
W-Aegis: A Propagation Behavior Based Worm Detection Model for Local Networks
Author :
Tang, Zhanyong ; Qi, Rui ; Fang, Dingyi ; Luo, YangXia
Author_Institution :
Coll. of Inf. Sci. & Technol., Northwest Univ., Xi´´an, China
Abstract :
This paper presents a new approach to detect unknown worms on local networks. We propose a worm detection model based on propagation behavior of unknown worms within an intranet. The model firstly describes propagation behavior with a binary model vector structure. Then, it uses three-tier security filters to detect unknown worms. In contrast to traditional research which only focuses on how to detect the scanning behavior, the binary model vector also concerns the response behavior of the worm host. Comparison results show that it can remarkably improve the integrality of description of unknown wormspsila propagation behavior. Experimental results indicate that it is more accurately and efficiently in detecting local-network-worm-intrusion than traditional schemes.
Keywords :
intranets; invasive software; telecommunication security; Intranet; W-aegis; binary model vector structure; local network worm intrusion; security filter; unknown worm detection model; Data mining; Educational institutions; Face detection; Filters; Finance; Frequency; IP networks; Information science; Information security; Paper technology; detection; local network; propagation behavior; worm;
Conference_Titel :
Information Assurance and Security, 2009. IAS '09. Fifth International Conference on
Conference_Location :
Xian
Print_ISBN :
978-0-7695-3744-3
DOI :
10.1109/IAS.2009.293
