Title :
Design of a system for real-time worm detection
Author :
Madhusudan, Bharath ; Lockwood, John
Author_Institution :
Dept. of Comput. Sci. & Eng., Washington Univ., St. Louis, MO, USA
Abstract :
Recent well-publicized attacks have made it clear that worms constitute a threat to Internet security. Systems that secure networks against malicious code are expected to be a part of the critical Internet infrastructure in the future. Intrusion detection and prevention systems (IDPS) currently have limited use because they can filter only known worms. We present the design and implementation of a system that automatically detects new worms in real time by monitoring traffic on a network. The system uses field programmable gate arrays (FPGAs) to scan packets for patterns of similar content. Given that a new worm hits the network and the rate of infection is high, the system is automatically able to detect an outbreak. Frequently occurring strings in packet payloads are instantly reported as likely worm signatures.
Keywords :
Internet; field programmable gate arrays; invasive software; pattern recognition; telecommunication security; telecommunication traffic; FPGA; Internet security; critical Internet infrastructure; intrusion detection systems; intrusion prevention systems; packet string pattern detection; real-time worm detection; traffic monitoring; worm signatures; Computerized monitoring; IP networks; Information filtering; Information filters; Intrusion detection; Payloads; Real time systems
Conference_Title :
High Performance Interconnects, 2004. Proceedings. 12th Annual IEEE Symposium on
Print_ISBN :
0-7803-8686-8
DOI :
10.1109/CONECT.2004.1375207