Title : 
An Integrated Approach to Worm Detection and Automatic Signature Generation
         
        
            Author : 
Yao, Li ; Liu, Yu ; Zhang, Yuqing
         
        
            Author_Institution : 
Nat. Comput. Network Intrusion Protection Center, Grad. Univ. of Chinese Acad. of Sci., Beijing, China
         
        
        
        
        
        
        
            Abstract : 
Modern worms spread so quickly on the Internet that traditional methods, which rely on human labor to generate signatures, might not be fast enough to contain their spread. It is necessary to automate the processes of both worm detection and signature generation. In this paper, we first propose a detection algorithm with an evidence fusion model integrating four anomalous network behaviors. When malicious traffic has been found, a hierarchical cluster based signature generation algorithm is applied to analyze the content of worm flows and generate signatures automatically. The experiment shows that our approach is noise-tolerant and is able to detect worm attacks in time and generate signatures quickly and accurately.
         
        
            Keywords : 
Internet; computer network security; invasive software; Internet; anomalous network behavior; automatic signature generation; fusion model; hierarchical cluster based signature generation algorithm; malicious traffic; worm detection; Computational intelligence; Computer worms; Data security; Fusion power generation; IP networks; Intrusion detection; Payloads; Telecommunication traffic; Traffic control; Web and internet services; cluster; evidence fusion; signature generation; worm detection;
         
        
        
        
            Conference_Title : 
Computational Intelligence and Security, 2009. CIS '09. International Conference on
         
        
            Conference_Location : 
Beijing
         
        
            Print_ISBN : 
978-1-4244-5411-2
         
        
        
            DOI : 
10.1109/CIS.2009.274