Detection of Silent Worms using Anomaly Connection Tree

Niagara Falls, Ontario, Canada May 21-May 23

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/AINA.2007.58

21st International Conference on Adva ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Nobutaka Kawaguchi Articles by Hiroshi Shigeno Articles by Ken-ichi Okada

	ASCII Text	x
	Nobutaka Kawaguchi, Hiroshi Shigeno, Ken-ichi Okada, "Detection of Silent Worms using Anomaly Connection Tree," Advanced Information Networking and Applications, International Conference on, pp. 412-419, 21st International Conference on Advanced Networking and Applications (AINA '07), 2007.

	BibTex	x
	@article{ 10.1109/AINA.2007.58, author = {Nobutaka Kawaguchi and Hiroshi Shigeno and Ken-ichi Okada}, title = {Detection of Silent Worms using Anomaly Connection Tree}, journal ={Advanced Information Networking and Applications, International Conference on}, volume = {0}, year = {2007}, issn = {1550-445X}, pages = {412-419}, doi = {http://doi.ieeecomputersociety.org/10.1109/AINA.2007.58}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Advanced Information Networking and Applications, International Conference on TI - Detection of Silent Worms using Anomaly Connection Tree SN - 1550-445X SP412 EP419 A1 - Nobutaka Kawaguchi, A1 - Hiroshi Shigeno, A1 - Ken-ichi Okada, PY - 2007 KW - null VL - 0 JA - Advanced Information Networking and Applications, International Conference on ER -

Nobutaka Kawaguchi, Keio University

Hiroshi Shigeno, Keio University

Ken-ichi Okada, Keio University

In this paper we propose a worm detection method that detects Silent worms effectively in intranet and LANs. Most existing detection methods use aggressive activities of worms as a clue for detection and are ineffective against worms that propagate silently using a list of vulnerable hosts. To detect such worms, we propose Anomaly Connection Tree Method (ACTM). ACTM uses two features present to most worms. First is that the worms?s propagation behaviour is expressed as tree-like structures composed of infection connections as edges. Second is that when selecting infection targets, the worm does not consider which hosts its infected host communicates to frequently. Then, by detecting composed of anomaly connections, ACTM detects the existence of worms. Through the simulation results, it has been shown that ACTM can detect the worms in an early stage of the propagation activities.

Citation:

Nobutaka Kawaguchi, Hiroshi Shigeno, Ken-ichi Okada, "Detection of Silent Worms using Anomaly Connection Tree," aina, pp.412-419, 21st International Conference on Advanced Networking and Applications (AINA '07), 2007

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.