Title :
Java based Simulator to Detect Zero-Day Silent Worms using ACTM
Author :
Bhatia, Abhey ; Dhabe, P.S. ; Pukale, S.G.
Author_Institution :
Comput. Dept., Vishwakarma Inst. of Technol., Pune
Abstract :
There are different types of computer worms like email worms, IRC worms, network worms, e.t.c. silent worms are network worms which have a hit-list of vulnerable hosts and limits the number of infection activities of each copy to suppress anomaly network activities of each infected host. There are different techniques which use aggressive nature of network worms as a clue to detect network worms but these techniques aren´t effective against silent worms. Hence, anomaly connection tree method (ACTM) is used to detect silent worms. ACTM uses a worm propagation behaviour expressed as tree-like structures composed of infection connections as edges to detect silent worms. Then, by detecting connections composed of anomaly connections, ACTM detects the worms before 10% of the hosts are infected. Comparison of ACTM with other method like AC counting method is done to show that the tree structure help detect the worm faster than just considering the anomaly connections making the detection rate faster. The simulator explained in this paper have been designed and implemented using Java.
Keywords :
Java; invasive software; trees (mathematics); ACTM; IRC worms; Java based simulator; anomaly connection tree method; anomaly network activities; email worms; network worms; tree-like structures; zero-day silent worm detection; Computer networks; Cryptography; Java; Power engineering and energy; Public key; Resilience; Space technology; Symmetric matrices; Telecommunication traffic; Wireless sensor networks;
Conference_Titel :
Advance Computing Conference, 2009. IACC 2009. IEEE International
Conference_Location :
Patiala
Print_ISBN :
978-1-4244-2927-1
Electronic_ISBN :
978-1-4244-2928-8
DOI :
10.1109/IADCC.2009.4809125
