
Macroscopic Treatment to Unknown Malicious Mobile Codes  

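Lee, Kang-San (R&D Research Center, 콘델라 Co., Ltd.)
Kim, Chol-Min (Affiliated Research Institute, 시스온칩 Co., Ltd.)
Lee, Seong-Uck (Department of Internet Information, Shingu College)
Hong, Man-Pyo (Division of Information and Computer Engineering, Ajou University)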
Abstract
Recently, much research has addressed detecting and responding to worms, because of the severe infrastructure damage caused by automated attack tools, particularly worms. Worms that exploit network service vulnerabilities have a high propagation velocity, exhaust network bandwidth and can even disrupt the Internet. Previous worm research focused on signature-based approaches; these days, however, approaches based on the behavioral features of worms receive more attention because of their low false positive rate and the attainability of early detection. In this paper, we propose a Distributed Worm Detection Model based on packet marking. The proposed model detects the Worm Cycle and the Infection Chain, which are among the behavioral features of worms. Moreover, it supports high scalability and feasibility because of its distributed reacting mechanism and low processing overhead. We implement a virtual worm propagation environment and evaluate the effectiveness of detecting and responding to worm propagation.
Keywords
Worm; Computer Virus; Macroscopic Treatment; Distributed Worm Detection Model