W-Aegis: A Propagation Behavior Based Worm Detection Model for Local Networks
This paper presents a new approach to detect unknown worms on local networks. We propose a worm detection model based on propagation behavior of unknown worms within an intranet. The model firstly describes propagation behavior with a binary model vector structure. Then, it uses three-tier security filters to detect unknown worms. In contrast to traditional research which only focuses on how to detect the scanning behavior, the binary model vector also concerns the response behavior of the worm host. Comparison results show that it can remarkably improve the integrality of description of unknown wormspropagation behavior. Experimental results indicate that it is more accurately and efficiently in detecting local-network-wormintrusion than traditional schemes.
worm propagation behavior detection local network
Zhanyong TANG Rui QI Dingyi FANG Yangxia LUO
College of information science and technology Northwest University Xian,P.R.China Dep.Information University of Finance & Economics Xian,P.R.China
国际会议
The Fifth International Conference on Information Assurance and Security(第五届信息保障与安全国际会议)
西安
英文
158-162
2009-08-18(万方平台首次上网日期,不代表论文的发表时间)