On detecting active worms with varying scan rate

Authors: Wei Yu, Xun Wang, Adam Champion, Dong Xuan, David Lee

DOI: 10.1016/J.COMCOM.2010.10.014

Keywords: Real-time computing, Anomaly detection, The Internet, Computer science, Simulation

Abstract: Active worms have posed a major security threat to the Internet, and many research efforts have focused on them. However, defending against them remains challenging due to their continuous evolution. In this paper, we study a new class of defense-oriented evolved worms, the Varying Scan Rate worm (the VSR worm in short). In order to circumvent detection by existing worm-detection schemes, the VSR worm deliberately varies its scan rate according to these schemes' weaknesses. To counteract the VSR worm, we design a new worm-detection scheme, the attack-target Distribution Entropy-based Dynamic detection scheme (DED for short). DED utilizes the attack-target distribution and a robust statistical feature in conjunction with dynamic decision adaptation to distinguish worm-scan traffic from non-worm-scan traffic. We present a comparatively complete space of detection schemes and conduct extensive performance evaluations of DED compared with other schemes, using real-world traces as background traffic. Our data clearly demonstrate the effectiveness of DED in detecting both the VSR worm and the traditional worm.
