Title :
Study on Event-Sequence Based Worm Behavior Analysis in Internet
Author :
Ren Ping ; Liu Wu ; Liu Ke ; Sun Donghong
Author_Institution :
Sch. of Econ. & Manage., Chongqing Normal Univ., Chongqing, China
Abstract :
As the flooding of malicious codes such as worms, how to analyze large number of malicious samples quickly and effectively becomes a great issue for researchers in network security. This paper proposed an analysis algorithm for worm network behavior based on event sequence, which uses the data flow recombination and compression methods to process the pure malicious data. With this algorithm, one can quickly extract the network behavior profile and the signature of the worm. The application of this algorithm will greatly improve the efficiency of analyzing the worm network behavior, which will be significant for the deployment of firewalls and network invasion detection systems.
Keywords :
Internet; computer network security; data compression; digital signatures; invasive software; Internet; data compression; data flow recombination; event sequence; firewalls; flooding; malicious codes; network invasion detection systems; network security; worm behavior analysis; Algorithm design and analysis; Educational institutions; Feature extraction; Fingerprint recognition; Grippers; IP networks; Protocols; Malware; Network Behavior; Network Security; Worm;
Conference_Titel :
Complexity and Data Mining (IWCDM), 2011 First International Workshop on
Conference_Location :
Nanjing, Jiangsu
Print_ISBN :
978-1-4577-2007-9
DOI :
10.1109/IWCDM.2011.36
