• DocumentCode
    3337002
  • Title

    Anomaly detection for Internet worms

  • Author

    Al-Hammadi, Yousof ; Leckie, Christopher

  • Author_Institution
    Dept. of Electr. & Electron. Eng., Melbourne Univ., Vic., Australia
  • fYear
    2005
  • fDate
    15-19 May 2005
  • Firstpage
    133
  • Lastpage
    146
  • Abstract
    Internet worms have become a major threat to the Internet due to their ability to rapidly compromise large numbers of computers. In response to this threat, there is a growing demand for effective techniques to detect the presence of worms and to reduce the worms' spread. Furthermore, existing approaches for anomaly detection of new worms suffer from scalability problems. In this paper, we present an approach for detecting worms based on similar patterns of connection activity. We then investigate how to improve the computational efficiency of worm detection by presenting a greedy algorithm, which minimizes the amount of traffic processing needed to detect worms, thus increasing the scalability of the system. Our evaluation shows that the greedy algorithm not only achieved high detection accuracy and reduced the amount of processing time to detect worms, but also achieved reasonable worm traffic detection in the early stages of an outbreak.
  • Keywords
    Internet; greedy algorithms; invasive software; telecommunication security; telecommunication traffic; Internet worm; anomaly detection; greedy algorithm; network intrusion detection; network security; worm traffic detection; Computational efficiency; Computer networks; Computer viruses; Computer worms; Greedy algorithms; IP networks; Internet; Intrusion detection; Scalability; Telecommunication traffic;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Integrated Network Management, 2005. IM 2005. 2005 9th IFIP/IEEE International Symposium on
  • Print_ISBN
    0-7803-9087-3
  • Type

    conf

  • DOI
    10.1109/INM.2005.1440779
  • Filename
    1440779