Title :
A Data Mining Approach for Detection of Self-Propagating Worms
Author :
Marhusin, Mohd Fadzli ; Lokan, Chris ; Larkin, Henry ; Cornforth, David
Author_Institution :
Univ. of New South Wales at ADFA, Canberra, ACT, Australia
Abstract :
In this paper we demonstrate our signature based detector for self-propagating worms. We use a set of worm and benign traffic traces of several endpoints to build benign and worm profiles. These profiles were arranged into separate n-ary trees. We also demonstrate our anomaly detector that was used to deal with tied matches between worm and benign trees. We analyzed the performance of each detector and also with their integration. Results show that our signature based detector can detect very high true positive. Meanwhile, the anomaly detector did not achieve high true positive. Both detectors, when used independently, suffer high false positive. However, when both detectors were integrated they maintained a high detection rate of true positive and minimized the false positive.
Keywords :
computer viruses; data mining; trees (mathematics); benign profiles; data mining approach; n-ary trees; self-propagating worm detection; worm profiles; Australia; Computer vision; Computer worms; Data mining; Data security; Detectors; Entropy; Information security; Performance analysis; Tree data structures; anomaly detector; self-propagating worm; signature based detector; worm detector;
Conference_Titel :
Network and System Security, 2009. NSS '09. Third International Conference on
Conference_Location :
Gold Coast, QLD
Print_ISBN :
978-1-4244-5087-9
Electronic_ISBN :
978-0-7695-3838-9
DOI :
10.1109/NSS.2009.88
