A Novel Anomaly Detection Algorithm and Prewarning Technology of Unknown Worms

Existing worm detection systems place high demands on the detection environment and have a high false alarm rate. This paper therefore proposes a novel anomaly detection algorithm and a prewarning technology for unknown network worms. The method discovers unknown worms using a multidimensional worm anomaly detection method, extracts the feature set of an unknown worm by analyzing worm data in a leap-style way, and creates new rules that are used to detect the corresponding worm if the unknown worm attacks again. Experiments have proved that this method can successfully discover new worms, extract the corresponding features, and create new rules for later detection. The experimental data show that this method has a high detection success rate and a low false alarm rate.
