Title :
A New Approach to Early Detection of an Unknown Worm
Author :
Yamada, Yuuki ; Katoh, Takashi ; Bista, Bhed Bahadur ; Takata, Toyoo
Author_Institution :
Fac. of Software & Inf. Sci., Iwate Prefectural Univ., Ishikawa
Abstract :
Recently, many worms such as Sassar worm or MS Blaster worm, had made serious damages to many hosts on Internet. These worms spread and damage many hosts on Internet by exploiting vulnerability of network application and/or operating system. Infection of worms that exploit the vulnerability of software can be prevented by applying proper software patches. However, it is impossible to prevent an infection of worms that exploit unknown vulnerability by only that method. In this paper, we propose a new method for detecting unknown worms by using hop number distribution of packets received by a host. We also present a system design for real time detection of unknown worms´ activity by employing the proposed method.
Keywords :
Internet; invasive software; Internet; MS Blaster worm; Sassar worm; early unknown worm detection; network application vulnerability; operating system vulnerability; software patches; software vulnerability; Application software; Computer viruses; Computer worms; IP networks; Internet; Mobile computing; Monitoring; Operating systems; Personal communication networks; Real time systems;
Conference_Titel :
Advanced Information Networking and Applications Workshops, 2007, AINAW '07. 21st International Conference on
Conference_Location :
Niagara Falls, Ont.
Print_ISBN :
978-0-7695-2847-2
DOI :
10.1109/AINAW.2007.33
