Title :
Worm Detection in an IPv6 Internet
Author :
Xu Yangui ; Zhou Jiachun ; Li Xiangchun ; Qian Huanyan
Author_Institution :
Sch. of Comput. Sci. & Technol., Nanjing Univ. of Sci. & Technol., Nanjing, China
Abstract :
It is a commonly held belief that IPv6 provides greater security against random scanning worms by virtue of a very sparse address space. As a result, worm authors are looking for new ways to acquire vulnerable targets without relying on random scanning for them. It is possible to find vulnerable Web servers by sending carefully crafted queries to search engines or Domain Name System (DNS) queries to DNS servers. In this paper, we discuss scanning strategies of possible worms in the IPv6 Internet. The performance of the worm depends heavily on these strategies, which in turn depend on how secure directory and naming services of a network are. We present an integrated system for the detection and automatic containment of worm propagation in an IPv6 local area network. The detection engine of our system utilizes the DNS anomalies of the worm traffic. We propose a worm detection algorithm based on user habit of sending DNS queries in an IPv6 Internet. Experiment results show that the algorithm is able to detect worms propagation accurately at its early stage in real-time. Our results bring insight on the future battle against worm attacks.
Keywords :
Internet; invasive software; local area networks; DNS queries user habit; IPv6 Internet; IPv6 local area network; domain name system; worm detection algorithm; Computer science; Computer worms; Detection algorithms; Domain Name System; Internet; Local area networks; Search engines; Space technology; Telecommunication traffic; Web server; Domain Name System; IPv6; detection; user habit; worm;
Conference_Titel :
Computational Intelligence and Security, 2009. CIS '09. International Conference on
Conference_Location :
Beijing
Print_ISBN :
978-1-4244-5411-2
DOI :
10.1109/CIS.2009.216
