• DocumentCode
    1736786
  • Title

    W-Aegis: A Propagation Behavior Based Worm Detection Model for Local Networks

  • Author

    Tang, Zhanyong ; Qi, Rui ; Fang, Dingyi ; Luo, YangXia

  • Author_Institution
    Coll. of Inf. Sci. & Technol., Northwest Univ., Xi´´an, China
  • Volume
    2
  • fYear
    2009
  • Firstpage
    158
  • Lastpage
    162
  • Abstract
    This paper presents a new approach to detect unknown worms on local networks. We propose a worm detection model based on propagation behavior of unknown worms within an intranet. The model firstly describes propagation behavior with a binary model vector structure. Then, it uses three-tier security filters to detect unknown worms. In contrast to traditional research which only focuses on how to detect the scanning behavior, the binary model vector also concerns the response behavior of the worm host. Comparison results show that it can remarkably improve the integrality of description of unknown wormspsila propagation behavior. Experimental results indicate that it is more accurately and efficiently in detecting local-network-worm-intrusion than traditional schemes.
  • Keywords
    intranets; invasive software; telecommunication security; Intranet; W-aegis; binary model vector structure; local network worm intrusion; security filter; unknown worm detection model; Data mining; Educational institutions; Face detection; Filters; Finance; Frequency; IP networks; Information science; Information security; Paper technology; detection; local network; propagation behavior; worm;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Information Assurance and Security, 2009. IAS '09. Fifth International Conference on
  • Conference_Location
    Xian
  • Print_ISBN
    978-0-7695-3744-3
  • Type

    conf

  • DOI
    10.1109/IAS.2009.293
  • Filename
    5283125
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=1736786