A data mining approach for detection of self-propagating worms Marhusin, Mohd Fadzli, Lokan, Chris, Larkin, Henry and Cornforth, David 2009, A data mining approach for detection of self-propagating worms, in NSS 2009 : Proceedings of the third International Conference on Network and System Security, IEEE, Piscataway, N.J., pp. 24-29, doi: 10.1109/NSS.2009.88. Attached Files Name Description MIMEType Size Downloads larkin-datamining-2009.pdf Published version application/pdf 519.74KB 254 Title A data mining approach for detection of self-propagating worms Author(s) Marhusin, Mohd Fadzli Lokan, Chris Larkin, Henry orcid.org/0000-0001-5867-1542 Cornforth, David Conference name Network and System Security International Conference (3rd : 2009 : Gold Coast, Queensland) Conference location Gold Coast, Queensland Conference dates 19-21 Oct. 2009 Title of proceedings NSS 2009 : Proceedings of the third International Conference on Network and System Security Editor(s) [Unknown] Publication date 2009 Conference series Network and System Security International Conference Start page 24 End page 29 Total pages 6 Publisher IEEE Place of publication Piscataway, N.J. Keyword(s) data-mining self-propagating worms Summary In this paper we demonstrate our signature based detector for self-propagating worms. We use a set of worm and benign traffic traces of several endpoints to build benign and worm profiles. These profiles were arranged into separate n-ary trees. We also demonstrate our anomaly detector that was used to deal with tied matches between worm and benign trees. We analyzed the performance of each detector and also with their integration. Results show that our signature based detector can detect very high true positive. Meanwhile, the anomaly detector did not achieve high true positive. Both detectors, when used independently, suffer high false positive. However, when both detectors were integrated they maintained a high detection rate of true positive and minimized the false positive ISBN 9780769538389 Language eng DOI 10.1109/NSS.2009.88 Field of Research 089999 Information and Computing Sciences not elsewhere classified Socio Economic Objective 970108 Expanding Knowledge in the Information and Computing Sciences HERDC Research category E1.1 Full written paper - refereed Copyright notice ©2009, IEEE Free to Read? Yes Persistent URL http://hdl.handle.net/10536/DRO/DU:30063697 Document type: Conference Paper Collections: Faculty of Science, Engineering and Built Environment School of Information Technology Open Access Collection Related Links Link Description Connect to published version (restricted access) Go to link with your DU access privileges     Unless expressly stated otherwise, the copyright for items in DRO is owned by the author, with all rights reserved. Every reasonable effort has been made to ensure that permission has been obtained for items included in DRO. If you believe that your rights have been infringed by this repository, please contact drosupport@deakin.edu.au. Versions Version Filter Type Thu, 29 May 2014, 14:49:01 EST Tue, 03 Jun 2014, 11:11:19 EST Wed, 04 Jun 2014, 11:16:06 EST Wed, 04 Jun 2014, 11:18:12 EST Wed, 04 Jun 2014, 14:08:23 EST Thu, 05 Jun 2014, 09:52:36 EST Tue, 06 Sep 2016, 23:46:55 EST Wed, 06 Dec 2017, 06:06:51 EST Sat, 13 Jan 2018, 01:43:08 EST Fri, 07 Sep 2018, 17:55:14 EST Filtered Full Citation counts:   Cited 0 times in TR Web of Science Cited 0 times in Scopus Search Google Scholar Access Statistics: 267 Abstract Views, 254 File Downloads  -  Detailed Statistics Created: Thu, 29 May 2014, 14:49:01 EST