Deakin University

A data mining approach for detection of self-propagating worms

conference contribution
posted on 2009-01-01, 00:00 authored by M Marhusin, C Lokan, Henry Larkin, D Cornforth
In this paper we demonstrate our signature-based detector for self-propagating worms. We use a set of worm and benign traffic traces from several endpoints to build benign and worm profiles. These profiles were arranged into separate n-ary trees. We also demonstrate our anomaly detector, which was used to deal with tied matches between the worm and benign trees. We analyzed the performance of each detector individually and of their integration. Results show that our signature-based detector achieves a very high true positive rate. The anomaly detector, by contrast, did not achieve a high true positive rate. Both detectors, when used independently, suffer from a high false positive rate. However, when the two detectors were integrated, they maintained a high true positive detection rate and minimized false positives.

History

Event

Network and System Security International Conference (3rd : 2009 : Gold Coast, Queensland)

Pagination

24 - 29

Publisher

IEEE

Location

Gold Coast, Queensland

Place of publication

Piscataway, N.J.

Start date

2009-10-19

End date

2009-10-21

ISBN-13

9780769538389

Language

eng

Publication classification

E1.1 Full written paper - refereed

Copyright notice

2009, IEEE

Title of proceedings

NSS 2009 : Proceedings of the third International Conference on Network and System Security
