Detection Accuracy for the Worm Experiment

Behavior-based Worm Detection

... EarlyBird also finds common byte sequences to generate a signature. However, rather than first identifying suspicious traffic and then limiting analysis to that, EarlyBird analyzes all traffic that crosses a gateway. It ...

218

A SURVEY OF INTERNET WORM DETECTION

... The detection system utilizing ICMP error messages [25] discussed earlier is another system that tries to obtain global ...global-scale worm detection and analysis system is based on ICMP destination ...

16

Worm Detection Using Honeypots

... the worm payload for further analysis for worms utilizing a second channel as a propagation carrier, as discussed in ...the worm payload, the information collected is already sufficient to download the ...

154

Intelligent System for Worm Detection

... the detection of the worms in the beginning of their ...in worm detection as the high level of accuracy in real-time operation, low CPU resources utilization during the classification phase, ...

10

A Tour of the Computer Worm Detection Space

... Computer worm detection has been a challenging and often elusive ...the worm detection techniques, highlighting the worm characteristics leveraged for detection and the ...

5

EARLY DETECTION AND CONTAINMENT OF NETWORK WORM

... C. Detection Performance The false positive rates observed by the three detection schemes are presented in ...scanning worm behaviour because RIP routers exchange update every 30 seconds by ...

7

A Behaviour based Framework for Worm Detection

... a worm, can be defined as a subset of the sequence of network events executed by a worm, which uniquely identifies ...each worm has a unique behavioural ...a worm tries to exploit a vulnerable ...

8

Behaviour Based Worm Detection and Signature Automation

... proposed to detect network worms. One is based on connection failure; this frequently occurs in a network being scanned. Another is based on using an ANN to detect network worms. The drawback of these approaches is a ...

5

A Model for Computer Worm Detection in a Computer Network

... of detection based on the network behavior through the collection of various parameters such as: network latency, throughput, bandwidth, response time, network utilization, packet loss and ...unknown worm ...

7

A Distributed Host-based Worm Detection System

... Internet worm attack, our initial tests were performed using an epidemic spread ...“likely worm attack” decision is reached at any point, a global warning is broadcast to all ...early detection and ...

7

WORM DETECTION USING HONEYPOTS FOR WINDOWS ENVIRONMENT

... generates worm signatures, providing a low response ...intrusion detection and prevention ...increase accuracy and lower false identification ...in worm virulence, researchers are able to sort ...

13

Effective Worm Detection for Various Scan Techniques

... detect worm attacks on enterprise networks, Cheung [6] proposed an activity-graph based detection algorithm that uses the scan activity-graph inferred from the traffic, in which the senders and ...

15

Scan Detection Based Identification of Worm-Infected Hosts

... • The transport protocol TCP waits for a SYN ACK packet after sending a SYN packet. The firewall rules either drop or reject an unauthorized connection attempt to an external host. The difference is that a dropped packet ...

82

Anomalous Payload-Based Worm Detection and Signature Generation

... enemy. Worm writers and attackers, on the other hand, do collaborate and share information amongst themselves about vulnerabilities and tools to rapidly create new attack exploits, launch them, and form shared ...

20

DoWitcher: Effective Worm Detection and Containment in the Internet Core

... for worm detection and containment to the carrier ...zero-day worm detection problem such as those based on content similarity of packet payloads are not scalable to the carrier link speeds ...

5

Polymorphic Worm Detection Using Structural Information of Executables

... Newsome et al. [15] were the first to point out the problem of string fingerprints in the case of polymorphic worms. Their solution, called Polygraph, proposes capturing multiple invariant byte strings common to all ...

20

Designing a Framework for Active Worm Detection on Global Networks

... the worm is ...the worm will remain on one physical ...our worm targets an IP address that is both vulnerable and not yet infected, it will fork a copy (launch an independent copy) of itself using ...

11

DoWitcher: Effective Worm Detection and Containment in the Internet Core

... for worm detection and containment to the carrier ...zero-day worm detection problem such as those based on content similarity of packet payloads are not scalable to the carrier link speeds ...

6

SweetBait: Zero-Hour Worm Detection and Containment Using Honeypots

... anomaly detection as a first, and honeypots as a second tier in the detection process: whenever unusual behaviour is detected, the corresponding traffic is forwarded to honeypots for further ...

18
