Data Mining and Knowledge Engineering

Open Access Open Access  Restricted Access Subscription Access
Open Access Open Access Open Access  Restricted Access Restricted Access Subscription Access

Crushing of C-Worm Using Random Scanning


Affiliations
1 A.S.L Pauls College of Engineering & Technology, Coimbatore, Tamil Nadu, India
2 Ranganathan Engineering College, Coimbatore, Tamil Nadu, India
     

   Subscribe/Renew Journal


A worm is a malicious self-replicating programs, it is designed to spread via computer networks. Computer worms are one form of malware along with viruses and Trojans. Active worms pose major security threats to the Internet. This is the ability of active worms to continuously propagate in the computers on the Internet as an automated fashion. Active worms evolve during their propagation, and thus, pose great challenges to defend against them. In this paper, we investigate a new class of active worms, referred to as Camouflaging Worm (C-Worm in short). The C-Worm is different from traditional worms because of its ability to intelligently manipulate its scan traffic volume over time. Thereby, the C-Worm camouflages its propagation from existing worm detection systems based on analyzing the propagation traffic generated by worms. We analyze characteristics of the C-Worm and conduct a comprehensive comparison between its traffic and non-worm traffic (background traffic). We observe that these two types of traffic are barely distinguishable in the time domain. However, their distinction is clear in the frequency domain, due to the recurring manipulative nature of the C-Worm. Motivated by our observations, we design a novel spectrum-based scheme to detect the C-Worm. Our scheme uses the Power Spectral Density (PSD) distribution of the scan traffic volume and its corresponding Spectral Flatness Measure (SFM) to distinguish the C-Worm traffic from background traffic. Using a comprehensive set of detection metrics and real-world traces as background traffic, we conduct extensive performance evaluations on our proposed spectrum-based detection scheme. The performance data clearly demonstrates that our scheme can effectively detect the C-Worm propagation. Furthermore, we show the generality of our spectrum-based scheme in effectively detecting not only the C-Worm, but traditional worms as well.

Keywords

PSD, SFM, Worm, Malware.
User
Subscription Login to verify subscription
Notifications
Font Size

Abstract Views: 211

PDF Views: 2




  • Crushing of C-Worm Using Random Scanning

Abstract Views: 211  |  PDF Views: 2

Authors

B. Suganya
A.S.L Pauls College of Engineering & Technology, Coimbatore, Tamil Nadu, India
R. Vaishnavi
Ranganathan Engineering College, Coimbatore, Tamil Nadu, India

Abstract


A worm is a malicious self-replicating programs, it is designed to spread via computer networks. Computer worms are one form of malware along with viruses and Trojans. Active worms pose major security threats to the Internet. This is the ability of active worms to continuously propagate in the computers on the Internet as an automated fashion. Active worms evolve during their propagation, and thus, pose great challenges to defend against them. In this paper, we investigate a new class of active worms, referred to as Camouflaging Worm (C-Worm in short). The C-Worm is different from traditional worms because of its ability to intelligently manipulate its scan traffic volume over time. Thereby, the C-Worm camouflages its propagation from existing worm detection systems based on analyzing the propagation traffic generated by worms. We analyze characteristics of the C-Worm and conduct a comprehensive comparison between its traffic and non-worm traffic (background traffic). We observe that these two types of traffic are barely distinguishable in the time domain. However, their distinction is clear in the frequency domain, due to the recurring manipulative nature of the C-Worm. Motivated by our observations, we design a novel spectrum-based scheme to detect the C-Worm. Our scheme uses the Power Spectral Density (PSD) distribution of the scan traffic volume and its corresponding Spectral Flatness Measure (SFM) to distinguish the C-Worm traffic from background traffic. Using a comprehensive set of detection metrics and real-world traces as background traffic, we conduct extensive performance evaluations on our proposed spectrum-based detection scheme. The performance data clearly demonstrates that our scheme can effectively detect the C-Worm propagation. Furthermore, we show the generality of our spectrum-based scheme in effectively detecting not only the C-Worm, but traditional worms as well.

Keywords


PSD, SFM, Worm, Malware.