Cyber Weather Forecasting: Forecasting Unknown Internet Worms Using Randomness Analysis

Authors: Hyundo Park, Sung-Oh David Jung, Heejo Lee, Hoh Peter In

DOI: 10.1007/978-3-642-30436-1_31

Keywords: Randomness, Process (engineering), The Internet, Mechanism (biology), Computer science, Field (computer science), Anomaly detection, Order (exchange), Weather forecasting, Computer security

Abstract: Since early responses are crucial to reduce the damage from unknown Internet attacks, our first consideration while developing a defense mechanism can be on time efficiency and observing (and predicting) the change of network statuses, even at the sacrifice of accuracy. In the recent security field, it is an earnest desire that a new mechanism to predict future attacks needs to be developed. This motivates us to study forecasting toward future attacks, which is referred to as CWF (Cyber Weather Forecasting). In this paper, in order to show that the principle can be realized in the real world, we propose a mechanism called FORE (FOrecasting using REgression analysis) through real-time analysis of the randomness of network traffic. FORE responds against worms 1.8 times faster than the detection mechanism named ADUR (Anomaly Detection Using Randomness check), which can detect a worm when only one percent of the total number of vulnerable hosts are infected. Furthermore, FORE can give timely information about the process of change of the current situation. Evaluation results demonstrate the prediction of the proposed mechanism, including the ability to predict worm behaviors starting from 0.03 infection. To the best of our knowledge, achieve attacks.

References (16)
Thomas Ptacek, Jose Nazario, Dug Song. Wormability: A Description for Vulnerabilities. (2004)
Paul C. van Oorschot, Evangelos Kranakis, David Whyte. DNS-based Detection of Scanning Worms in an Enterprise Network. Network and Distributed System Security Symposium. (2005)
XiaoJun Tong, Zhu Wang. A Novel Anomaly Detection Algorithm and Prewarning Technology of Unknown Worms. International Conference on High Performance Networking, Computing and Communication Systems. pp. 164-171 (2011). DOI: 10.1007/978-3-642-25002-6_23
Vern Paxson, Stuart Staniford, Nicholas Weaver. How to Own the Internet in Your Spare Time. USENIX Security Symposium. pp. 149-167 (2002)
Hyundo Park, Peng Li, Debin Gao, Heejo Lee, Robert H Deng. Distinguishing between FE and DDoS Using Randomness Check. Lecture Notes in Computer Science. pp. 131-145 (2008). DOI: 10.1007/978-3-540-85886-7_9
Sarma Vangala, Kevin A. Kwiat, Lixin Gao, Jiang Wu. An Effective Architecture and Algorithm for Detecting Worms with Various Scan. Network and Distributed System Security Symposium. (2004)
Jaeyeon Jung, V. Paxson, A.W. Berger, H. Balakrishnan. Fast portscan detection using sequential hypothesis testing. IEEE Symposium on Security and Privacy. pp. 211-225 (2004). DOI: 10.1109/SECPRI.2004.1301325
Surasak Sanguanpong, Urupoj Kanlayasiri. Worm damage minimization in enterprise networks. International Journal of Human-computer Studies / International Journal of Man-machine Studies. vol. 65, pp. 3-16 (2007). DOI: 10.1016/J.IJHCS.2006.09.001
George Marsaglia, Liang-Huei Tsay. Matrices and the structure of random number sequences. Linear Algebra and its Applications. vol. 67, pp. 147-156 (1985). DOI: 10.1016/0024-3795(85)90192-2