A data mining approach for detection of self-propagating worms
Marhusin, Mohd Fadzli, Lokan, Chris, Larkin, Henry and Cornforth, David 2009, A data mining approach for detection of self-propagating worms, in NSS 2009 : Proceedings of the third International Conference on Network and System Security, IEEE, Piscataway, N.J., pp. 24-29, doi: 10.1109/NSS.2009.88.
In this paper we demonstrate our signature-based detector for self-propagating worms. We use a set of worm and benign traffic traces from several endpoints to build benign and worm profiles. These profiles were arranged into separate n-ary trees. We also demonstrate our anomaly detector, which was used to deal with tied matches between the worm and benign trees. We analyzed the performance of each detector on its own and of the two integrated. Results show that our signature-based detector achieves a very high true positive rate. Meanwhile, the anomaly detector did not achieve a high true positive rate. Both detectors, when used independently, suffer from high false positive rates. However, when both detectors were integrated, they maintained a high true positive detection rate and minimized false positives.
Unless expressly stated otherwise, the copyright for items in DRO is owned by the author, with all rights reserved.
Every reasonable effort has been made to ensure that permission has been obtained for items included in DRO.
If you believe that your rights have been infringed by this repository, please contact drosupport@deakin.edu.au.