
An Efficient Signature-Based Approach for Automatic Detection of Internet Worms over Large-Scale Networks

Bibliographic Details
Main Authors: Simkhada, Kumar; Taleb, Tarik; Waizumi, Yuji; Jamalipour, Abbas; Kato, Nei; Nemoto, Yoshiaki
Format: Conference Proceeding
Language: English
Description
Summary: Internet Worms pose a serious threat to today's Internet. Signature matching is an important approach to detect worms. However, as most signature development processes are manual, they require significant time. They are thus not efficient in reducing the damage worms may cause. In this paper, an efficient signature-based method is proposed for automatic detection of worms over large-scale networks. In the proposed system, detection is performed in a hierarchical manner. Security managers of local networks collect worm-like or suspicious flows and handle these flows to high-hierarchy metropolitan managers. In response, the latter use this information to generate robust signature. The global manager, which lies on top of the hierarchy, multicasts the signature to local managers via metropolitan managers. This enables local managers to detect worms that try to penetrate into their networks. The proposed system is evaluated using an off-line real network traffic that contains traces of worms. Experimental results indicate that the proposed system exhibits high detection rates with low false alarm rates.
ISSN: 1550-3607, 1938-1883
DOI: 10.1109/ICC.2006.255123