Title :
ACTM: Anomaly Connection Tree Method to detect Silent Worms
Author :
Kawaguchi, Nobutaka ; Azuma, Yusuke ; Ueda, Shintaro ; Shigeno, Hiroshi ; Okada, Ken-ichi
Author_Institution :
Fac. of Sci. & Technol., Keio Univ., Kanagawa
Abstract :
In this paper we propose a novel worm detection method that can detect silent worms in an intranet. Most existing detection methods use the aggressive activities of worms as a clue for detection and are ineffective against worms that propagate silently using a list of vulnerable hosts. To detect such worms, we propose the anomaly connection tree method (ACTM). ACTM uses two features common to most worms. The first is that a worm's propagation behavior is expressed as tree-like structures. The second is that a worm's selection of infection targets does not consider which hosts its infected host frequently communicates with. Then, by constructing trees that are composed of anomaly connections, ACTM detects the existence of such worms. Through simulation results, we have shown that ACTM can detect the worms at an early stage.
Keywords :
computer viruses; intranets; tree data structures; ACTM; anomaly connection tree method; intranet; silent worm detection; worm propagation; Cities and towns; Computational modeling; Computer networks; Computer simulation; Computer worms; Face detection; Network servers; Network topology; TCPIP; Target tracking
Conference_Title :
Advanced Information Networking and Applications, 2006. AINA 2006. 20th International Conference on
Conference_Location :
Vienna
Print_ISBN :
0-7695-2466-4
DOI :
10.1109/AINA.2006.70