Title :
Anomaly detection for Internet worms
Author :
Al-Hammadi, Yousof ; Leckie, Christopher
Author_Institution :
Dept. of Electr. & Electron. Eng., Melbourne Univ., Vic., Australia
Abstract :
Internet worms have become a major threat to the Internet due to their ability to rapidly compromise large numbers of computers. In response to this threat, there is a growing demand for effective techniques to detect the presence of worms and to reduce the worms´ spread. Furthermore, existing approaches for anomaly detection of new worms suffer from scalability problems. In this paper, we present an approach for detecting worms based on similar patterns of connection activity. We then investigate how to improve the computational efficiency of worm detection by presenting a greedy algorithm, which minimizes the amount of traffic processing needed to detect worms, thus increasing the scalability of the system. Our evaluation shows that the greedy algorithm not only achieved high detection accuracy and reduced the amount of processing time to detect worms, but also achieved reasonable worm traffic detection in the early stages of an outbreak.
Keywords :
Internet; greedy algorithms; invasive software; telecommunication security; telecommunication traffic; Internet worm; anomaly detection; greedy algorithm; network intrusion detection; network security; worm traffic detection; Computational efficiency; Computer networks; Computer viruses; Computer worms; Greedy algorithms; IP networks; Internet; Intrusion detection; Scalability; Telecommunication traffic;
Conference_Titel :
Integrated Network Management, 2005. IM 2005. 2005 9th IFIP/IEEE International Symposium on
Print_ISBN :
0-7803-9087-3
DOI :
10.1109/INM.2005.1440779
