Openly accessible

A data mining approach for detection of self-propagating worms

Marhusin, Mohd Fadzli, Lokan, Chris, Larkin, Henry and Cornforth, David 2009, A data mining approach for detection of self-propagating worms, in NSS 2009 : Proceedings of the third International Conference on Network and System Security, IEEE, Piscataway, N.J., pp. 24-29, doi: 10.1109/NSS.2009.88.

Attached Files
Name Description MIMEType Size Downloads
larkin-datamining-2009.pdf Published version application/pdf 519.74KB 51

Title A data mining approach for detection of self-propagating worms
Author(s) Marhusin, Mohd Fadzli
Lokan, Chris
Larkin, Henry (ORCID iD: orcid.org/0000-0001-5867-1542)
Cornforth, David
Conference name Network and System Security International Conference (3rd : 2009 : Gold Coast, Queensland)
Conference location Gold Coast, Queensland
Conference dates 19-21 Oct. 2009
Title of proceedings NSS 2009 : Proceedings of the third International Conference on Network and System Security
Editor(s) [Unknown]
Publication date 2009
Conference series Network and System Security International Conference
Start page 24
End page 29
Total pages 6
Publisher IEEE
Place of publication Piscataway, N.J.
Keyword(s) data-mining
self-propagating worms
Summary In this paper we demonstrate our signature based detector for self-propagating worms. We use a set of worm and benign traffic traces of several endpoints to build benign and worm profiles. These profiles were arranged into separate n-ary trees. We also demonstrate our anomaly detector that was used to deal with tied matches between worm and benign trees. We analyzed the performance of each detector and also with their integration. Results show that our signature based detector can detect very high true positive. Meanwhile, the anomaly detector did not achieve high true positive. Both detectors, when used independently, suffer high false positive. However, when both detectors were integrated they maintained a high detection rate of true positive and minimized the false positive.
ISBN 9780769538389
Language eng
DOI 10.1109/NSS.2009.88
Field of Research 089999 Information and Computing Sciences not elsewhere classified
Socio Economic Objective 970108 Expanding Knowledge in the Information and Computing Sciences
HERDC Research category E1.1 Full written paper - refereed
Copyright notice ©2009, IEEE
Free to Read? Yes
Persistent URL http://hdl.handle.net/10536/DRO/DU:30063697

Document type: Conference Paper
Collections: School of Information Technology
Open Access Collection
Unless expressly stated otherwise, the copyright for items in DRO is owned by the author, with all rights reserved.

Every reasonable effort has been made to ensure that permission has been obtained for items included in DRO. If you believe that your rights have been infringed by this repository, please contact drosupport@deakin.edu.au.

Citation counts: TR Web of Science Citation Count  Cited 0 times in TR Web of Science
Scopus Citation Count Cited 0 times in Scopus
Access Statistics: 32 Abstract Views, 51 File Downloads
Created: Thu, 29 May 2014, 14:49:01 EST
