DocumentCode :
2332133
Title :
PTBBWD: A Fast Process Traffic Behavior Based Worm Detection Algorithm
Author :
Xiao Fengtao ; Hu Huaping ; Liu Bo ; Chen Xin
Author_Institution :
Sch. of Comput. Sci., Nat. Univ. of Defense Technol., Changsha
fYear :
2008
fDate :
20-20 Nov. 2008
Firstpage :
181
Lastpage :
186
Abstract :
An algorithm named PTBBWD is presented to detect worms. It is based on process traffic behavior and considers three important behaviors: the total number of source ports in wormlike traffic, the frequency with which source ports change in wormlike process traffic, and the proportion of wormlike traffic in the total process traffic. Unlike earlier similar work, PTBBWD checks the frequency and the total number of source ports only when a process is sending wormlike traffic. Experiments using applications in the wild show that PTBBWD can detect worms quickly and correctly with few false positives.
Keywords :
invasive software; frequency checking; process traffic behavior based worm detection algorithm; source ports; Computer network management; Computer worms; Detection algorithms; Frequency; Information management; Information technology; Internet; Seminars; Technology management; Telecommunication traffic;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Future Information Technology and Management Engineering, 2008. FITME '08. International Seminar on
Conference_Location :
Leicestershire, United Kingdom
Print_ISBN :
978-0-7695-3480-0
Type :
conf
DOI :
10.1109/FITME.2008.150
Filename :
4746470