Title :
Internet worms identification through serial episodes mining
Author_Institution :
Dept. of Comput. Sci. & Inf. Eng., Ming Chuan Univ., Taoyuan, Taiwan
Abstract :
An Internet worm is a typical Internet attack that can rapidly pervade a computer without user intervention. In the frequent episodes mining, data is regarded as a sequence of events, where each event has an associated time of occurrence, thus, it has significant effect on the discovery of sophisticated Internet attacks. The method proposed in this paper can be used to detect abnormal Internet episodes from the log files of a honeypot system in order to discover known or unknown attack episodes. The experiment successfully identified sophisticated Internet attack episodes, which were caused by Internet worms, such as Sasser, Shelp, Korgo, etc.
Keywords :
Internet; data mining; invasive software; Internet attack; Internet worm identification; frequent episodes mining; honeypot system; log files; serial episode mining; Computer science; Computer worms; Data mining; File servers; Internet; Intrusion detection; Network servers; Protocols; Telecommunication traffic; Tellurium;
Conference_Titel :
Electrical Engineering/Electronics Computer Telecommunications and Information Technology (ECTI-CON), 2010 International Conference on
Conference_Location :
Chaing Mai
Print_ISBN :
978-1-4244-5606-2
Electronic_ISBN :
978-1-4244-5607-9
