Design of a system for real-time worm detection

Author

Madhusudan, Bharath ; Lockwood, John

Author_Institution

Dept. of Comput. Sci. & Eng., Washington Univ., St. Louis, MO, USA

fYear

2004

fDate

25-27 Aug. 2004

Firstpage

77

Lastpage

83

Abstract

Recent well publicized attacks have made it clear that worms constitute a threat to Internet security. Systems that secure networks against malicious code are expected to be a part of the critical Internet infrastructure in the future. Intrusion detection and prevention systems (IDPS) currently have limited use because they can filter only known worms. We present the design and implementation of a system that automatically detects new worms in real-time by monitoring traffic on a network. The system uses field programmable gate arrays (FPGAs) to scan packets for patterns of similar content. Given that a new worm hits the network and the rate of infection is high, the system is automatically able to detect an outbreak. Frequently occurring strings in packet payloads are instantly reported as likely worm signatures.

Keywords

Internet; field programmable gate arrays; invasive software; pattern recognition; telecommunication security; telecommunication traffic; FPGA; Internet security; critical Internet infrastructure; field programmable gate arrays; intrusion detection systems; intrusion prevention systems; packet string pattern detection; real-time worm detection; traffic monitoring; worm signatures; Computerized monitoring; Field programmable gate arrays; IP networks; Information filtering; Information filters; Internet; Intrusion detection; Payloads; Real time systems; Telecommunication traffic;

fLanguage

English

Publisher

ieee

Conference_Titel

High Performance Interconnects, 2004. Proceedings. 12th Annual IEEE Symposium on

Print_ISBN

0-7803-8686-8

Type

conf

DOI

10.1109/CONECT.2004.1375207

Filename

1375207