DocumentCode
2609682
Title
A novel approach to detecting worms based on particle filter
Author
Guoyou, Li ; Lehai, Zhong ; Jun, Yang
Author_Institution
Coll. of Comput. Sci., China West Normal Univ., Nanchong, China
fYear
2009
fDate
18-20 Oct. 2009
Firstpage
429
Lastpage
432
Abstract
This paper presents a novel approach to detecting worms based on a particle filter. The approach collects data through a honeynet and uses CUSUM to detect abnormal changes in the counts of packet source addresses in a t sampling. If the change rate exceeds a certain threshold, it activates the particle filter to estimate the growth rate in order to confirm the existence of worms. The experimental results show that the approach can detect unknown worms quickly and contain the large-scale spread of worms if it is combined with an intrusion detection system and firewall.
Keywords
Monte Carlo methods; computer networks; invasive software; particle filtering (numerical methods); sampling methods; stochastic processes; telecommunication security; CUSUM; Monte Carlo estimation; computer network; honeynet; packet count; particle filter; t sampling algorithm; worm detection; Computational complexity; Computer science; Computer worms; Computerized monitoring; Detection algorithms; Educational institutions; Intrusion detection; Large-scale systems; Particle filters; Sampling methods; CUSUM (Cumulative Sum); Poisson process; particle filter; worm;
fLanguage
English
Publisher
IEEE
Conference_Titel
Broadband Network & Multimedia Technology, 2009. IC-BNMT '09. 2nd IEEE International Conference on
Conference_Location
Beijing
Print_ISBN
978-1-4244-4590-5
Electronic_ISBN
978-1-4244-4591-2
Type
conf
DOI
10.1109/ICBNMT.2009.5348529
Filename
5348529