• DocumentCode
    442066
  • Title

    Early warning of active worms based on multi-similarity

  • Author

    He, Hui ; Zhang, Hong-Li ; Zhang, Wei-Zhe ; Hu, Ming-Zeng ; Tang, Zhen-Jiang

  • Author_Institution
    Dept. of Comput. Sci. & Eng., Harbin Inst. of Technol., China
  • Volume
    6
  • fYear
    2005
  • fDate
    18-21 Aug. 2005
  • Firstpage
    3876
  • Abstract
    Worm detection methods play an important role as frequent breakouts of Internet worm result in tremendous economic destruction. On the basis of analyzing characteristics of normal network traffic distribution, an early worm detection method based on multi-similarity is proposed. It integrates the worms´ behavior attribute with its traffic distribution and detects abnormal behavior by its distribution similarity of its certain features. According to the network simulation experiments, the detection method can find out the worms intrusion against the large-scale network traffic, which does not arouse the sharp changes of the network traffic.
  • Keywords
    Internet; invasive software; telecommunication security; telecommunication traffic; Internet worm; active worm; intrusion detection; multi-similarity based worm detection method; network simulation; network traffic distribution; Computer worms; Costs; Detection algorithms; Internet; Intrusion detection; Large-scale systems; TCPIP; Telecommunication traffic; Traffic control; Web server; Intrusion detection; early warning; multi-similarity; worm detection;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Machine Learning and Cybernetics, 2005. Proceedings of 2005 International Conference on
  • Conference_Location
    Guangzhou, China
  • Print_ISBN
    0-7803-9091-1
  • Type

    conf

  • DOI
    10.1109/ICMLC.2005.1527616
  • Filename
    1527616
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=442066