
ACSAC
2006
IEEE

On Detecting Camouflaging Worm

Active worms pose major security threats to the Internet. In this paper, we investigate a new class of active worms, i.e., Camouflaging Worm (C-Worm in short). The C-Worm has the capability to intelligently manipulate its scan traffic volume over time, thereby camouflaging its propagation from existing worm detection systems. We analyze characteristics of the C-Worm and conduct a comprehensive comparison between its traffic and non-worm traffic. We observe that these two types of traffic are barely distinguishable in the time domain; however, their distinction is clear in the frequency domain, due to the recurring manipulative nature of the C-Worm. Motivated by our observations, we design a novel spectrum-based scheme to detect the C-Worm. Our scheme uses the Power Spectral Density (PSD) distribution of the scan traffic volume and its corresponding Spectral Flatness Measure (SFM) to distinguish the C-Worm traffic from non-worm traffic. We conduct extensive performance evaluations on our...
Added: 20 Aug 2010
Updated: 20 Aug 2010
Type: Conference
Year: 2006
Where: ACSAC
Authors: Wei Yu, Xun Wang, Prasad Calyam, Dong Xuan, Wei Zhao