• DocumentCode
    464176
  • Title

    A New Approach to Early Detection of an Unknown Worm

  • Author

    Yamada, Yuuki ; Katoh, Takashi ; Bista, Bhed Bahadur ; Takata, Toyoo

  • Author_Institution
    Fac. of Software & Inf. Sci., Iwate Prefectural Univ., Ishikawa
  • Volume
    1
  • fYear
    2007
  • fDate
    21-23 May 2007
  • Firstpage
    194
  • Lastpage
    198
  • Abstract
    Recently, many worms such as Sassar worm or MS Blaster worm, had made serious damages to many hosts on Internet. These worms spread and damage many hosts on Internet by exploiting vulnerability of network application and/or operating system. Infection of worms that exploit the vulnerability of software can be prevented by applying proper software patches. However, it is impossible to prevent an infection of worms that exploit unknown vulnerability by only that method. In this paper, we propose a new method for detecting unknown worms by using hop number distribution of packets received by a host. We also present a system design for real time detection of unknown worms´ activity by employing the proposed method.
  • Keywords
    Internet; invasive software; Internet; MS Blaster worm; Sassar worm; early unknown worm detection; network application vulnerability; operating system vulnerability; software patches; software vulnerability; Application software; Computer viruses; Computer worms; IP networks; Internet; Mobile computing; Monitoring; Operating systems; Personal communication networks; Real time systems;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Advanced Information Networking and Applications Workshops, 2007, AINAW '07. 21st International Conference on
  • Conference_Location
    Niagara Falls, Ont.
  • Print_ISBN
    978-0-7695-2847-2
  • Type

    conf

  • DOI
    10.1109/AINAW.2007.33
  • Filename
    4221059
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=464176