{"title":"动态蠕虫扫描速率变化的有效检测","authors":"Wei Yu, Xun Wang, D. Xuan, David Lee","doi":"10.1109/SECCOMW.2006.359549","DOIUrl":null,"url":null,"abstract":"Active worms have been posing a major security threat to today's Internet. It is widely believed that active worms continue their evolutions. In this paper, we model a new form of active worms called varying scan rate worm (the VSR worm in short). The VSR worm deliberately varies its scan rate and is able to avoid being effectively detected by existing worm detection schemes. The emerging \"Atak\" worm belongs to this category of worms. To countermeasure the VSR worm, we design a new worm detection scheme called attack target distribution entropy based dynamic detection scheme (DEC detection in short). DEC detection utilizes the attack target distribution and its statistical entropy in conjunction with dynamic decision rules to distinguish worm scan traffic from non-worm scan traffic. We conduct extensive performance evaluations on the DEC detection scheme, using real-world traces as background scan traffic. Our data clearly demonstrates the effectiveness of the DEC detection scheme in detecting VSR worms as well as traditional worms","PeriodicalId":156828,"journal":{"name":"2006 Securecomm and Workshops","volume":"349 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2006-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"23","resultStr":"{\"title\":\"Effective Detection of Active Worms with Varying Scan Rate\",\"authors\":\"Wei Yu, Xun Wang, D. Xuan, David Lee\",\"doi\":\"10.1109/SECCOMW.2006.359549\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Active worms have been posing a major security threat to today's Internet. It is widely believed that active worms continue their evolutions. In this paper, we model a new form of active worms called varying scan rate worm (the VSR worm in short). The VSR worm deliberately varies its scan rate and is able to avoid being effectively detected by existing worm detection schemes. The emerging \\\"Atak\\\" worm belongs to this category of worms. To countermeasure the VSR worm, we design a new worm detection scheme called attack target distribution entropy based dynamic detection scheme (DEC detection in short). DEC detection utilizes the attack target distribution and its statistical entropy in conjunction with dynamic decision rules to distinguish worm scan traffic from non-worm scan traffic. We conduct extensive performance evaluations on the DEC detection scheme, using real-world traces as background scan traffic. Our data clearly demonstrates the effectiveness of the DEC detection scheme in detecting VSR worms as well as traditional worms\",\"PeriodicalId\":156828,\"journal\":{\"name\":\"2006 Securecomm and Workshops\",\"volume\":\"349 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2006-08-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"23\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2006 Securecomm and Workshops\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SECCOMW.2006.359549\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2006 Securecomm and Workshops","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SECCOMW.2006.359549","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Effective Detection of Active Worms with Varying Scan Rate
Active worms have been posing a major security threat to today's Internet. It is widely believed that active worms continue their evolutions. In this paper, we model a new form of active worms called varying scan rate worm (the VSR worm in short). The VSR worm deliberately varies its scan rate and is able to avoid being effectively detected by existing worm detection schemes. The emerging "Atak" worm belongs to this category of worms. To countermeasure the VSR worm, we design a new worm detection scheme called attack target distribution entropy based dynamic detection scheme (DEC detection in short). DEC detection utilizes the attack target distribution and its statistical entropy in conjunction with dynamic decision rules to distinguish worm scan traffic from non-worm scan traffic. We conduct extensive performance evaluations on the DEC detection scheme, using real-world traces as background scan traffic. Our data clearly demonstrates the effectiveness of the DEC detection scheme in detecting VSR worms as well as traditional worms
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
