Detection algorithm of scanning worms based on similarity analysis

Cited by: 0
Authors
Huang Z.-Y. [1 ]
Zhou J.-L. [1 ]
Chen X.-L. [1 ]
Shi X.-L. [2 ]
Affiliations
[1] College of Communication Engineering, Chongqing University
[2] Chongqing University of Science and Technology
Source
Huanan Ligong Daxue Xuebao/Journal of South China University of Technology (Natural Science) | 2011 / Vol. 39 / No. 05
Keywords
Detection; Kalman filter; Similarity; Threshold; Worm;
DOI
10.3969/j.issn.1000-565X.2011.05.013
Abstract
In recent years, worms have gradually become a serious security threat to the Internet. However, the existing worm detection algorithms are inadequate because of their high false detection rate. To solve this problem, a similarity-based worm detection algorithm is proposed, which optimizes the basic cumulative abnormal detection algorithm by analyzing the similarity of abnormal data series to worm scanning characteristics, and dynamically adapts the detection threshold to complex network environments using a Kalman filter. Simulation results indicate that, compared with the basic cumulative abnormal detection algorithm, the proposed algorithm is more effective because it reduces the false detection rate and improves the detection accuracy.
Pages: 73 / 77+101