Sciweavers

CIDM
2007
IEEE

Detection of Unknown Computer Worms Activity Based on Computer Behavior using Data Mining

Detecting unknown worms is a challenging task. Extant solutions, such as anti-virus tools, rely mainly on prior explicit knowledge of specific worm signatures. As a result, after the appearance of a new worm on the Web there is a significant delay until an update carrying the worm’s signature is distributed to anti-virus tools. During this time interval a new worm can infect many computers and cause significant damage. We propose an innovative technique for detecting the presence of an unknown worm, not necessarily by recognizing specific instances of the worm, but rather based on the computer measurements. We designed an experiment to test the new technique employing several computer configurations and background applications activity. During the experiments 323 computer features were monitored. Four feature selection techniques were used to reduce the amount of features and four classification algorithms were applied on the resulting feature subsets. Our results indicate that u...
Robert Moskovitch, Ido Gus, Shay Pluderman, Dima S
Added 07 Dec 2010
Updated 07 Dec 2010
Type Conference
Year 2007
Where CIDM
Authors Robert Moskovitch, Ido Gus, Shay Pluderman, Dima Stopel, Clint Feher, Chanan Glezer, Yuval Shahar, Yuval Elovici