Title :
Effective Detection of Active Worms with Varying Scan Rate
Author :
Yu, Wei ; Wang, Xun ; Xuan, Dong ; Lee, David
Author_Institution :
Dept. of Comput. Sci., Texas A&M Univ., College Station, TX
Date :
Aug. 28 2006-Sept. 1 2006
Abstract :
Active worms have been posing a major security threat to today's Internet. It is widely believed that active worms continue their evolutions. In this paper, we model a new form of active worms called varying scan rate worm (the VSR worm in short). The VSR worm deliberately varies its scan rate and is able to avoid being effectively detected by existing worm detection schemes. The emerging "Atak" worm belongs to this category of worms. To counter the VSR worm, we design a new worm detection scheme called attack target distribution entropy based dynamic detection scheme (DEC detection in short). DEC detection utilizes the attack target distribution and its statistical entropy in conjunction with dynamic decision rules to distinguish worm scan traffic from non-worm scan traffic. We conduct extensive performance evaluations on the DEC detection scheme, using real-world traces as background scan traffic. Our data clearly demonstrates the effectiveness of the DEC detection scheme in detecting VSR worms as well as traditional worms.
Keywords :
Internet; invasive software; statistical analysis; Atak worm; Internet; active worm detection; attack target distribution entropy based dynamic detection scheme; dynamic decision rules; security threat; statistical entropy; varying scan rate worm; worm scan traffic; Computer crime; Computer worms; Data analysis; Entropy; Large-scale systems; Monitoring; Security; Traffic control; Web and internet services; Anomaly detection; Varying scan rate; Worm attacks;
Conference_Title :
Securecomm and Workshops, 2006
Conference_Location :
Baltimore, MD
Print_ISBN :
1-4244-0423-1
Electronic_ISBN :
1-4244-0423-1
DOI :
10.1109/SECCOMW.2006.359549