一种早期检测未知蠕虫的新方法

21st International Conference on Advanced Information Networking and Applications Workshops (AINAW'07) Pub Date : 2007-05-21 DOI:10.1109/AINAW.2007.33

Y. Yamada, T. Katoh, B. B. Bista, T. Takata

{"title":"一种早期检测未知蠕虫的新方法","authors":"Y. Yamada, T. Katoh, B. B. Bista, T. Takata","doi":"10.1109/AINAW.2007.33","DOIUrl":null,"url":null,"abstract":"Recently, many worms such as Sassar worm or MS Blaster worm, had made serious damages to many hosts on Internet. These worms spread and damage many hosts on Internet by exploiting vulnerability of network application and/or operating system. Infection of worms that exploit the vulnerability of software can be prevented by applying proper software patches. However, it is impossible to prevent an infection of worms that exploit unknown vulnerability by only that method. In this paper, we propose a new method for detecting unknown worms by using hop number distribution of packets received by a host. We also present a system design for real time detection of unknown worms' activity by employing the proposed method.","PeriodicalId":338799,"journal":{"name":"21st International Conference on Advanced Information Networking and Applications Workshops (AINAW'07)","volume":"634 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2007-05-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"A New Approach to Early Detection of an Unknown Worm\",\"authors\":\"Y. Yamada, T. Katoh, B. B. Bista, T. Takata\",\"doi\":\"10.1109/AINAW.2007.33\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Recently, many worms such as Sassar worm or MS Blaster worm, had made serious damages to many hosts on Internet. These worms spread and damage many hosts on Internet by exploiting vulnerability of network application and/or operating system. Infection of worms that exploit the vulnerability of software can be prevented by applying proper software patches. However, it is impossible to prevent an infection of worms that exploit unknown vulnerability by only that method. In this paper, we propose a new method for detecting unknown worms by using hop number distribution of packets received by a host. We also present a system design for real time detection of unknown worms' activity by employing the proposed method.\",\"PeriodicalId\":338799,\"journal\":{\"name\":\"21st International Conference on Advanced Information Networking and Applications Workshops (AINAW'07)\",\"volume\":\"634 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2007-05-21\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"21st International Conference on Advanced Information Networking and Applications Workshops (AINAW'07)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/AINAW.2007.33\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"21st International Conference on Advanced Information Networking and Applications Workshops (AINAW'07)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/AINAW.2007.33","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

摘要

最近，许多蠕虫，如Sassar蠕虫或MS Blaster蠕虫，对互联网上的许多主机造成了严重的破坏。这些蠕虫利用网络应用程序和/或操作系统的漏洞在互联网上传播和破坏许多主机。利用软件漏洞的蠕虫感染可以通过应用适当的软件补丁来防止。然而，仅仅通过这种方法是不可能阻止利用未知漏洞的蠕虫感染的。本文提出了一种利用主机接收数据包的跳数分布来检测未知蠕虫的新方法。我们还提出了一种利用该方法实时检测未知蠕虫活动的系统设计。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

A New Approach to Early Detection of an Unknown Worm

Recently, many worms such as Sassar worm or MS Blaster worm, had made serious damages to many hosts on Internet. These worms spread and damage many hosts on Internet by exploiting vulnerability of network application and/or operating system. Infection of worms that exploit the vulnerability of software can be prevented by applying proper software patches. However, it is impossible to prevent an infection of worms that exploit unknown vulnerability by only that method. In this paper, we propose a new method for detecting unknown worms by using hop number distribution of packets received by a host. We also present a system design for real time detection of unknown worms' activity by employing the proposed method.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

21st International Conference on Advanced Information Networking and Applications Workshops (AINAW'07)

自引率

0.00%

发文量