Title :
Digging for worms, fishing for answers
Author :
Buchholz, Florian ; Daniels, Thomas E. ; Early, James P. ; Gopalakrishna, Rajeev ; Gorman, R. Patrick ; Kuperman, Bejamin A. ; Nystrom, Sofie ; Schroll, Addam ; Smith, Andrew
Author_Institution :
Center for Educ. & Res. in Inf. Assurance & Security, Purdue Univ., West Lafayette, IN, USA
Abstract :
Worms continue to be a leading security threat on the Internet. This paper analyzes several of the more widespread worms and develops a general life-cycle for them. The lifecycle, from the point of view of the victim host, consists of four stages: target selection, exploitation, infection, and propagation. While not all worms fall into this framework perfectly, by understanding them in this way, it becomes apparent that the majority of detection techniques used today focus on the first three stages. This paper presents a technique that is used in the fourth stage to detect the class of worms that use a horizontal scan to propagate. An argument is also made that detection in the fourth stage is a viable, but under-used technique.
Keywords :
Internet; computer network management; computer viruses; security of data; Internet; exploitation; horizontal scan; infection; life-cycle; propagation; security threat; target selection; victim host; worms; Computer crime; Computer security; Computer worms; Continuing education; Information security; Information systems; Internet; Intrusion detection; Protection; Telecommunication traffic;
Conference_Titel :
Computer Security Applications Conference, 2002. Proceedings. 18th Annual
Print_ISBN :
0-7695-1828-1
DOI :
10.1109/CSAC.2002.1176293
