A Novel Anomaly Detection Algorithm and Prewarning Technology of Unknown Worms

Authors: XiaoJun Tong, Zhu Wang

DOI: 10.1007/978-3-642-25002-6_23

Abstract: The existing worm detection system requires high environment and has false alarm rate. So the paper proposed a novel anomaly algorithm prewarning technology of unknown network worms. We detect worms by means multidimensional abnormal method to discover worms, extracts features set analyzing data in leap-style way creates new rules which will be used corresponding case that attacks again. Experiments have proved this can successfully, for later detection. Experiment shown success rate low
