Title :
Early warning of active worms based on multi-similarity
Author :
He, Hui ; Zhang, Hong-Li ; Zhang, Wei-Zhe ; Hu, Ming-Zeng ; Tang, Zhen-Jiang
Author_Institution :
Dept. of Comput. Sci. & Eng., Harbin Inst. of Technol., China
Abstract :
Worm detection methods play an important role as frequent breakouts of Internet worms result in tremendous economic destruction. On the basis of analyzing characteristics of normal network traffic distribution, an early worm detection method based on multi-similarity is proposed. It integrates the worms' behavior attribute with its traffic distribution and detects abnormal behavior by its distribution similarity of its certain features. According to the network simulation experiments, the detection method can find out the worm intrusion against the large-scale network traffic, which does not arouse the sharp changes of the network traffic.
Keywords :
Internet; invasive software; telecommunication security; telecommunication traffic; Internet worm; active worm; intrusion detection; multi-similarity based worm detection method; network simulation; network traffic distribution; Computer worms; Costs; Detection algorithms; Internet; Intrusion detection; Large-scale systems; TCPIP; Telecommunication traffic; Traffic control; Web server; Intrusion detection; early warning; multi-similarity; worm detection;
Conference_Title :
Machine Learning and Cybernetics, 2005. Proceedings of 2005 International Conference on
Conference_Location :
Guangzhou, China
Print_ISBN :
0-7803-9091-1
DOI :
10.1109/ICMLC.2005.1527616