Title :
On Detecting Camouflaging Worm
Author :
Yu, Wei ; Wang, Xun ; Calyam, Prasad ; Xuan, Dong ; Zhao, Wei
Author_Institution :
Dept. of Comput. Sci., Texas A&M Univ., College Station, TX
Abstract :
Active worms pose major security threats to the Internet. In this paper, we investigate a new class of active worms, i.e., camouflaging worm (C-Worm in short). The C-Worm has the capability to intelligently manipulate its scan traffic volume over time, thereby camouflaging its propagation from existing worm detection systems. We analyze characteristics of the C-Worm and conduct a comprehensive comparison between its traffic and non-worm traffic. We observe that these two types of traffic are barely distinguishable in the time domain, however, their distinction is clear in the frequency domain, due to the recurring manipulative nature of the C-Worm. Motivated by our observations, we design a novel spectrum-based scheme to detect the C-Worm. Our scheme uses the power spectral density (PSD) distribution of the scan traffic volume and its corresponding spectral flatness measure (SFM) to distinguish the C-Worm traffic from non-worm traffic. We conduct extensive performance evaluations on our proposed detection scheme against the C-Worm. The performance data clearly demonstrates that our proposed scheme can effectively detect the C-Worm propagation
Keywords :
Internet; invasive software; Internet; camouflaging worm detection; power spectral density distribution; spectral flatness measure; Computer crime; Computer science; Computer worms; Density measurement; Frequency domain analysis; Power measurement; Security; Software performance; Volume measurement; Web and internet services;
Conference_Titel :
Computer Security Applications Conference, 2006. ACSAC '06. 22nd Annual
Conference_Location :
Miami Beach, FL
Print_ISBN :
0-7695-2716-7
DOI :
10.1109/ACSAC.2006.36
