DocumentCode :
1952670
Title :
Detecting worms via mining dynamic program execution
Author :
Wang, Xun ; Yu, Wei ; Champion, Adam ; Fu, Xinwen ; Xuan, Dong
Author_Institution :
Department of Computer Science and Engineering, The Ohio-State University, Columbus, 43210, USA
fYear :
2007
fDate :
17-21 Sept. 2007
Firstpage :
412
Lastpage :
421
Abstract :
Worm attacks have been major security threats to the Internet. Detecting worms, especially new, unseen worms, is still a challenging problem. In this paper, we propose a new worm detection approach based on mining dynamic program executions. This approach captures dynamic program behavior to provide accurate and efficient detection against both seen and unseen worms. In particular, we execute a large number of real-world worms and benign programs (executables), and trace their system calls. We apply two classifier-learning algorithms (Naive Bayes and Support Vector Machine) to obtain classifiers from a large number of features extracted from the system call traces. The learned classifiers are further used to carry out rapid worm detection with low overhead on the end-host. Our experimental results clearly demonstrate the effectiveness of our approach to detect new worms in terms of a very high detection rate and a low false positive rate.
Keywords :
Application software; Computer science; Computer worms; Internet; Libraries; Monitoring; Peer to peer computing; Runtime; Security; Support vector machines; Worm detection; data mining; dynamic program analysis; system call tracing;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Security and Privacy in Communications Networks and the Workshops, 2007. SecureComm 2007. Third International Conference on
Conference_Location :
Nice, France
Print_ISBN :
978-1-4244-0974-7
Electronic_ISBN :
978-1-4244-0975-4
Type :
conf
DOI :
10.1109/SECCOM.2007.4550362
Filename :
4550362