A Tour of the Computer Worm Detection Space

International Journal of Computer Applications
© 2014 by IJCA Journal
Volume 104 - Number 1
Year of Publication: 2014
Authors:
Nelson Ochieng
Waweru Mwangi
Ismael Ateya
10.5120/18169-9045

Nelson Ochieng, Waweru Mwangi and Ismael Ateya. Article: A Tour of the Computer Worm Detection Space. International Journal of Computer Applications 104(1):29-33, October 2014. Full text available. BibTeX

@article{key:article,
	author = {Nelson Ochieng and Waweru Mwangi and Ismael Ateya},
	title = {Article: A Tour of the Computer Worm Detection Space},
	journal = {International Journal of Computer Applications},
	year = {2014},
	volume = {104},
	number = {1},
	pages = {29-33},
	month = {October},
	note = {Full text available}
}

Abstract

Computer worm detection has been a challenging and often elusive task. This is partly because of the difficulty of accurately modeling either the normal behavior of computer networks or the malicious actions of computer worms. This paper presents a literature review of worm detection techniques, highlighting the worm characteristics leveraged for detection and the limitations of the various detection techniques. The paper broadly categorizes the worm detection approaches into content signature based detection, polymorphic worm detection, anomaly based detection, and behavioral signature based detection. The paper identifies the gap in the literature on these techniques, which is its main contribution.
