DocumentCode
519169
Title
Internet worms identification through serial episodes mining
Author
Su, Ming-Yang
Author_Institution
Dept. of Comput. Sci. & Inf. Eng., Ming Chuan Univ., Taoyuan, Taiwan
fYear
2010
fDate
19-21 May 2010
Firstpage
132
Lastpage
136
Abstract
An Internet worm is a typical Internet attack that can rapidly pervade a computer without user intervention. In frequent episodes mining, data is regarded as a sequence of events, where each event has an associated time of occurrence; thus, it has a significant effect on the discovery of sophisticated Internet attacks. The method proposed in this paper can be used to detect abnormal Internet episodes from the log files of a honeypot system in order to discover known or unknown attack episodes. The experiment successfully identified sophisticated Internet attack episodes, which were caused by Internet worms such as Sasser, Shelp, Korgo, etc.
Keywords
Internet; data mining; invasive software; Internet attack; Internet worm identification; frequent episodes mining; honeypot system; log files; serial episode mining; Computer science; Computer worms; Data mining; File servers; Internet; Intrusion detection; Network servers; Protocols; Telecommunication traffic; Tellurium;
fLanguage
English
Publisher
ieee
Conference_Titel
Electrical Engineering/Electronics Computer Telecommunications and Information Technology (ECTI-CON), 2010 International Conference on
Conference_Location
Chiang Mai
Print_ISBN
978-1-4244-5606-2
Electronic_ISBN
978-1-4244-5607-9
Type
conf
Filename
5491518