Combating against internet worms in large-scale networks: An autonomic signature-based solution

Kumar Simkhada, Tarik Taleb, Yuji Waizumi, Abbas Jamalipour, Yoshiaki Nemoto

Research output: Contribution to journalArticlepeer-review

10 Citations (Scopus)

Abstract

In this paper, we propose a signature-based hierarchical email worm detection (SHEWD) system to detect e-mail worms in large-scale networks. The proposed system detects novel worms and instantly generates their signatures. This feature helps to check the spread of any kind of worm-known or unknown. We envision a two-layer hierarchical architecture comprising local security managers (LSMs), metropolitan security managers (MSM), and a global security manager (GSM). Local managers collect suspicious flows and hand them to metropolitan managers. Metropolitan managers then use cluster analysis to sort worms from the suspicious flows. The sorted worms are used to generate the worm signature which is relayed to the global manager and then to all the collaborating networks. A separate scheme is proposed to automatically select suitable values of the system parameters. This parameter selection procedure takes into account the current network state and the threat level of the ongoing attack. The performance of the whole system is investigated using real network traffic with traces of worms. Experimental results demonstrate that the proposed scheme is capable to accurately detect email worms during the early phase of their propagations.

Original languageEnglish
Pages (from-to)11-28
Number of pages18
JournalSecurity and Communication Networks
Volume2
Issue number1
DOIs
Publication statusPublished - 2009

Keywords

  • Clustering
  • Internet worms
  • Network security
  • Worm signature

ASJC Scopus subject areas

  • Information Systems
  • Computer Networks and Communications

Fingerprint Dive into the research topics of 'Combating against internet worms in large-scale networks: An autonomic signature-based solution'. Together they form a unique fingerprint.

Cite this