Networking and Communication Engineering

Open Access Open Access  Restricted Access Subscription Access
Open Access Open Access Open Access  Restricted Access Restricted Access Subscription Access

Prototyping and Detection of Concealing Worm


Affiliations
1 Computer Science & Engineering Department of NIMRA College of Engineering and Technology, Vijayawada, India
2 Department of Computer Science & Engineering, NIMRA College of Engineering and Technology, Vijayawada, India
     

   Subscribe/Renew Journal


Worms pose major security threats to the Internet. This is due to the ability of active worms to propagate in an automated fashion as they continuously compromise computers on the Internet. Active worms evolve during their propagation and thus pose great challenges to defend against them. In this paper, we investigate a new class of active worms, referred to as Concealing Worm (C-Worm in short). The C-Worm is different from traditional worms because of its ability to intelligently manipulate its scan traffic volume overtime. Thereby, the C-Worm conceals its propagation from existing worm detection systems based on analyzing the propagation traffic generated by worms. We analyze characteristics of the C-Worm and conduct a comprehensive comparison between its traffic and non-worm traffic (background traffic). We observe that these two types of traffic are barely distinguishable in the time domain. However, their distinction is clear in the frequency domain, due to the recurring manipulative nature of the C-Worm. Motivated by our observations, we design a novel spectrum-based scheme to detect the C-Worm. Our scheme uses the Power Spectral Density (PSD) distribution of the scan traffic volume and its corresponding Spectral Flatness Measure (SFM) to distinguish the C-Worm traffic from background traffic.


Keywords

Worm, Conceal, Anomaly Detection, Worm-Infected Computers.
User
Subscription Login to verify subscription
Notifications
Font Size

Abstract Views: 233

PDF Views: 3




  • Prototyping and Detection of Concealing Worm

Abstract Views: 233  |  PDF Views: 3

Authors

Ravi Teja Gaddam
Computer Science & Engineering Department of NIMRA College of Engineering and Technology, Vijayawada, India
K. Ruth Mary Poornima
Department of Computer Science & Engineering, NIMRA College of Engineering and Technology, Vijayawada, India

Abstract


Worms pose major security threats to the Internet. This is due to the ability of active worms to propagate in an automated fashion as they continuously compromise computers on the Internet. Active worms evolve during their propagation and thus pose great challenges to defend against them. In this paper, we investigate a new class of active worms, referred to as Concealing Worm (C-Worm in short). The C-Worm is different from traditional worms because of its ability to intelligently manipulate its scan traffic volume overtime. Thereby, the C-Worm conceals its propagation from existing worm detection systems based on analyzing the propagation traffic generated by worms. We analyze characteristics of the C-Worm and conduct a comprehensive comparison between its traffic and non-worm traffic (background traffic). We observe that these two types of traffic are barely distinguishable in the time domain. However, their distinction is clear in the frequency domain, due to the recurring manipulative nature of the C-Worm. Motivated by our observations, we design a novel spectrum-based scheme to detect the C-Worm. Our scheme uses the Power Spectral Density (PSD) distribution of the scan traffic volume and its corresponding Spectral Flatness Measure (SFM) to distinguish the C-Worm traffic from background traffic.


Keywords


Worm, Conceal, Anomaly Detection, Worm-Infected Computers.