An efficient signature-based approach for automatic detection of internet worms over large-scale networks

Kumar Simkhada, Tarik Taleb, Yuji Waizumi, Abbas Jamalipour, Nei Kato, Yoshiaki Nemoto

Research output: Chapter in Book/Report/Conference proceeding (Conference contribution)

5 Citations (Scopus)

Abstract

Internet worms pose a serious threat to today's Internet. Signature matching is an important approach to detecting worms. However, as most signature development processes are manual, they require significant time and are thus not efficient in reducing the damage worms may cause. In this paper, an efficient signature-based method is proposed for automatic detection of worms over large-scale networks. In the proposed system, detection is performed in a hierarchical manner. Security managers of local networks collect worm-like or suspicious flows and hand these flows to metropolitan managers higher in the hierarchy. In response, the latter use this information to generate a robust signature. The global manager, which lies at the top of the hierarchy, multicasts the signature to local managers via metropolitan managers. This enables local managers to detect worms that try to penetrate their networks. The proposed system is evaluated using off-line real network traffic that contains traces of worms. Experimental results indicate that the proposed system exhibits high detection rates with low false alarm rates.

Original language: English
Title of host publication: 2006 IEEE International Conference on Communications, ICC 2006
Pages: 2364-2369
Number of pages: 6
DOIs: https://doi.org/10.1109/ICC.2006.255123
Publication status: Published - 2006 Dec 1
Event: 2006 IEEE International Conference on Communications, ICC 2006 - Istanbul, Turkey
Duration: 2006 Jul 11 to 2006 Jul 15

Publication series

Name: IEEE International Conference on Communications
Volume: 5
ISSN (Print): 0536-1486

Other

Other: 2006 IEEE International Conference on Communications, ICC 2006
Country: Turkey
City: Istanbul
Period: 06/7/11 to 06/7/15

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Electrical and Electronic Engineering

  • Cite this

    Simkhada, K., Taleb, T., Waizumi, Y., Jamalipour, A., Kato, N., & Nemoto, Y. (2006). An efficient signature-based approach for automatic detection of internet worms over large-scale networks. In 2006 IEEE International Conference on Communications, ICC 2006 (pp. 2364-2369). [4024518] (IEEE International Conference on Communications; Vol. 5). https://doi.org/10.1109/ICC.2006.255123