Early Worm Detection for Minimizing Damage in E-Service Networks

Early Worm Detection for Minimizing Damage in E-Service Networks

Tarek Sobh (University of Bridgeport, USA) and Heba Z. El-Fiqi (Zagazig University, Egypt)
DOI: 10.4018/978-1-61520-789-3.ch027
OnDemand PDF Download:
$30.00
List Price: $37.50

Abstract

One of the most powerful weapons for attackers is the Internet worm. Specifically, a worm attacks vulnerable computer systems and employs self-propagating methods to flood the Internet rapidly. Since a “Worm” is self-propagated through the connected network, it doesn’t need human interaction or file transmission to replicate itself. It spreads in minutes; Slammer worms infect about 75,000 nodes through the internet in about 10 minutes. Since most of antivirus programs detect viruses based on their signature, then this approach can’t detect new viruses or worms till being updated with their signature, which can’t be known unless some systems had already been infected. This highlights worms are still on the top of malware threats attacking computer systems, although the evolution of worms detection techniques. Early detection of unknown worms is still a problem. This chapter produce a method for detecting unknown worms based on local victim information. The proposed system uses Artificial Neural Network (ANN) for classifying worm/ nonworm traffic and predicting the percentage of infection in the infected network. This prediction can be used to support decision making processes for network administrators to respond quickly to worm propagation in an accurate procedure.
Chapter Preview
Top

Background

Since the Morris worm arose in 1988, Internet worms have been a persistent security threat, for example, the Code Red worm compromised at least 359,000 machines in 24 hours on July 19, 2001 [Chen Z., 2007]. The Slammer worm was unleashed with a 376-byte user datagram protocol (UDP) packet and infected more than 90% of vulnerable hosts in 10 minutes on January 25, 2003 [Chen Z., 2007]. These active worms caused large parts of the Internet to be temporarily inaccessible and cost both public and private sectors millions of dollars. Moreover, the frequency and the virulence of active-worm outbreaks have been increasing dramatically in the last few years, presenting a significant threat to today’s Internet. Therefore, it is imperative to characterize the worm attack behaviors, analyze Internet vulnerabilities, and study countermeasures accordingly.

Complete Chapter List

Search this Book:
Reset