A low cost worm detection technique based on flow payload similarity

Youhei Suzuki, Yuji Waizumi, Hiroshi Tsunoda, Yoshiaki Nemoto

Research output: Contribution to conference › Paper

1 Citation (Scopus)

Abstract

Recently, damage to information systems by worms has been reported at a global level. Signature-based Intrusion Detection Systems (IDSs) are widely used to prevent this damage. To handle newly created worms, automatic signature generation techniques based on common strings in the payloads of multiple worm flows of the same kind have been proposed. Because these techniques need to use multiple strings as a signature for each kind of worm to achieve high detection accuracy, the calculation cost to detect worms is a serious issue. In this paper, we propose a novel scheme that does not use common character strings. The proposed scheme uses a 256-dimensional vector based on the appearance frequencies of 256 character codes. This vector is generated automatically and used as a means to detect worms with low cost. In addition, we construct a cheap worm detection system by using the proposed method as the first stage analysis of a conventional IDS. We evaluate the proposed scheme through experiments and present its performance.

Original language: English
Pages: 414-417
Number of pages: 4
Publication status: Published - 2007 Dec 1
Event: 3rd International Conference on Web Information Systems and Technologies, Webist 2007 - Barcelona, Spain
Duration: 2007 Mar 3 to 2007 Mar 6

Other

Other: 3rd International Conference on Web Information Systems and Technologies, Webist 2007
Country: Spain
City: Barcelona
Period: 07/3/3 to 07/3/6

Keywords

  • Clustering
  • Intrusion Detection
  • Similarity of Flow Payloads
  • Worm

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Hardware and Architecture
  • Information Systems
  • Electrical and Electronic Engineering

  • Cite this

    Suzuki, Y., Waizumi, Y., Tsunoda, H., & Nemoto, Y. (2007). A low cost worm detection technique based on flow payload similarity. 414-417. Paper presented at 3rd International Conference on Web Information Systems and Technologies, Webist 2007, Barcelona, Spain.