Title :
Simple security using flow data
Author :
Futamura, Kenichi
Author_Institution :
AT&T Labs., AT&T, Inc., Middletown, NJ, USA
Abstract :
Malware attacks cause billions of dollars in economic damage worldwide yearly, and attackers are becoming smarter. We examine techniques for detecting worm propagation in a network using flow-level data. While worm exploits may be difficult to detect due to the wide range of payloads, the propagation phase of a worm is generally much easier to recognize. We examine this step and present one simple method for detecting network worms with no previously known signatures.
Keywords :
Internet; invasive software; telecommunication security; telecommunication traffic; Internet; economic damage; flow data security; malware attack; network worm propagation detection; traffic stream; Computer worms; Data security; Information security; Internet; Monitoring; Payloads; Phase detection; Probes; Sockets; TCPIP; botnet; flow; intrusion; propagation; security; worm;
Conference_Titel :
Wireless and Optical Communications Conference, 2009. WOCC 2009. 18th Annual
Conference_Location :
Newark, NJ
Print_ISBN :
978-1-4244-5217-0
DOI :
10.1109/WOCC.2009.5312784
