
Modeling and Detection of Camouflaging Worm

Project Owner : ravi23sri
Created Date : Thu, 26/05/2011 - 06:47
Project Description :

Abstract—Active worms pose major security threats to the Internet. This is due to the ability of active worms to propagate in an
automated fashion as they continuously compromise computers on the Internet. Active worms evolve during their propagation, and
thus, pose great challenges to defend against them. In this paper, we investigate a new class of active worms, referred to as
Camouflaging Worm (C-Worm in short). The C-Worm is different from traditional worms because of its ability to intelligently manipulate
its scan traffic volume over time. Thereby, the C-Worm camouflages its propagation from existing worm detection systems based on
analyzing the propagation traffic generated by worms. We analyze characteristics of the C-Worm and conduct a comprehensive
comparison between its traffic and nonworm traffic (background traffic). We observe that these two types of traffic are barely
distinguishable in the time domain. However, their distinction is clear in the frequency domain, due to the recurring manipulative nature
of the C-Worm. Motivated by our observations, we design a novel spectrum-based scheme to detect the C-Worm. Our scheme uses
the Power Spectral Density (PSD) distribution of the scan traffic volume and its corresponding Spectral Flatness Measure (SFM) to
distinguish the C-Worm traffic from background traffic. Using a comprehensive set of detection metrics and real-world traces as
background traffic, we conduct extensive performance evaluations on our proposed spectrum-based detection scheme. The
performance data clearly demonstrates that our scheme can effectively detect the C-Worm propagation. Furthermore, we show the
generality of our spectrum-based scheme in effectively detecting not only the C-Worm, but traditional worms as well.
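
The frequency-domain view the abstract describes can be sketched as follows. This is an added example, not code from the paper or the project: it uses the standard definition of spectral flatness (geometric mean over arithmetic mean of the PSD) with a plain periodogram, and the traffic series, function names, and parameters are constructed for illustration. The paper's own estimator and decision thresholds are not given on this page.

```python
import cmath
import math
import random

def periodogram(series):
    """One-sided PSD estimate of a per-interval scan-count series."""
    n = len(series)
    mean = sum(series) / n
    x = [v - mean for v in series]  # remove the DC component
    psd = []
    for k in range(1, n // 2 + 1):
        s = sum(x[t] * cmath.exp(-2j * math.pi * k * t / n) for t in range(n))
        psd.append(abs(s) ** 2 / n)
    return psd

def spectral_flatness(psd, eps=1e-12):
    """SFM = geometric mean / arithmetic mean of the PSD, in (0, 1]."""
    log_gm = sum(math.log(p + eps) for p in psd) / len(psd)
    am = sum(psd) / len(psd)
    return math.exp(log_gm) / (am + eps)

def sample_series(n=256, period=None, seed=7):
    """Constructed data: noisy baseline, optionally with a recurring component."""
    rng = random.Random(seed)
    out = []
    for t in range(n):
        v = 100 + rng.gauss(0, 10)
        if period:  # hypothetical recurring volume pattern
            v += 40 * math.sin(2 * math.pi * t / period)
        out.append(max(v, 0.0))
    return out

def analyze(series):
    """Return the SFM and the frequency bin holding the most power."""
    psd = periodogram(series)
    peak_bin = max(range(len(psd)), key=psd.__getitem__) + 1
    return {"sfm": spectral_flatness(psd), "peak_bin": peak_bin}

if __name__ == "__main__":
    print("background:", analyze(sample_series()))
    print("recurring: ", analyze(sample_series(period=32)))
```

On this constructed data the two series have the same mean volume, but the recurring component concentrates power in one frequency bin, which lowers the flatness value well below that of the noise-only series.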
