DocumentCode :
1999065
Title :
Node Behavior Based Fast Malware Detection for Enterprise Networks
Author :
Chang, Su ; Daniels, Thomas E.
Author_Institution :
Dept. of Electr. & Comput. Eng., Iowa State Univ., Ames, IA, USA
fYear :
2010
fDate :
6-10 Dec. 2010
Firstpage :
1
Lastpage :
5
Abstract :
Node behavior profiling is a promising tool in many aspects of network security, especially in malware detection. In this paper, based on node behavior profiles proposed in the literature, we propose a fast anomaly detection scheme using SPRT (Sequential Probability Ratio Test) for malware/worm detection. The key idea of this paper is that, instead of checking most of the nodes in a network, only a small number of sample nodes are required for detection with the help of SPRT. In our initial studies, we evaluate the fast detection scheme using real enterprise data (LBNL traces). The results show that the fast detection scheme achieves good performance in terms of low false positive and high detection rates.
Keywords :
computer network security; invasive software; probability; anomaly detection scheme; enterprise network; malware detection; network security; node behavior profiling; sequential probability ratio test; worm detection; Correlation; Grippers; Internet; Peer to peer computing; Security; Silicon; Training data;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Global Telecommunications Conference (GLOBECOM 2010), 2010 IEEE
Conference_Location :
Miami, FL
ISSN :
1930-529X
Print_ISBN :
978-1-4244-5636-9
Electronic_ISBN :
1930-529X
Type :
conf
DOI :
10.1109/GLOCOM.2010.5684003
Filename :
5684003