Title :
Worm detection and containment in local networks
Author :
Zheng, Hong ; Lifa, Wu ; Huabo, Li ; Fan, Pan
Author_Institution :
Inst. of Command Autom., PLA Univ. of Sci. & Technol., Nanjing, China
Abstract :
To curb worm spread, it is vital to detect worms in time and restrict the victims´ network behavior effectively. A worm detection and containment system for local networks is proposed. Normal service requests are characterized with the self-set, which is applied to monitor for suspicious service requests. The system correlates the suspicious service requests in the form of binary trees, and binary trees´ anomaly values are monitored for worm attacks. Possible worm victims are determined from the binary trees. Based on the self-set, the worm victims´ normal traffic is permitted while their worm activities are strictly contained. Experiments show the system contains worms effectively, and the detrimental effect of the system´s deployment on normal network traffic is negligible.
Keywords :
computer network security; invasive software; binary trees; containment system; local networks; normal network traffic; normal service requests; suspicious service requests; worm attacks; worm detection; worm victims; Grippers; Zinc; binary tree; network security; worm; worm containment strategy;
Conference_Titel :
Computer Science and Information Processing (CSIP), 2012 International Conference on
Conference_Location :
Xi´an, Shaanxi
Print_ISBN :
978-1-4673-1410-7
DOI :
10.1109/CSIP.2012.6308924
