A traffic signature-based algorithm for detecting scanning internet worms
Internet worms that spread autonomously from one host to another cause major problem in today’s networks. On 25th January 2003, “Slammer” was released into the internet and after ten minutes the worm infected more than 90% of vulnerable hosts.Worms cause damage to the network by consuming its reso...
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Kohat University of Science and Technology (KUST), Pakistan
2009
|
| Subjects: | |
| Online Access: | https://repo.uum.edu.my/id/eprint/2261/1/A_Traffic_Signature-based_Algorithm_for_Detecting.pdf |
| _version_ | 1803624447901433856 |
|---|---|
| author | M. Rasheed, Mohammad Ghazali, Osman Md Norwawi, Norita M. Kadhum, Mohammed |
| author_facet | M. Rasheed, Mohammad Ghazali, Osman Md Norwawi, Norita M. Kadhum, Mohammed |
| author_sort | M. Rasheed, Mohammad |
| collection | UUM |
| description | Internet worms that spread autonomously from one host
to another cause major problem in today’s networks. On 25th
January 2003, “Slammer” was released into the internet and after ten minutes the worm infected more than 90% of vulnerable hosts.Worms cause damage to the network by consuming its resources such as bandwidth. In this paper, we propose a method for detecting traffic signature for unknown internet worm. The proposed method has two algorithms. The first part is an Intelligent Failure
Connection Algorithm (IFCA) using Artificial Immune System;
IFCA is concerned with detecting the internet worm and stealthy worm. In order to reduce the number of false alarm, the impact of normal network activities is involved but TCP failure and ICMP unreachable connection on same IP address are not calculated because the internet worm strategic attack on the different IP address. The second algorithm Traffic Signature Algorithm (TSA) is concerned with capturing traffic signature of the scanning internet worm. In this paper, we show that the proposed method can
detect traffic signature for MSBlaster worm. |
| first_indexed | 2024-07-04T05:18:32Z |
| format | Article |
| id | uum-2261 |
| institution | Universiti Utara Malaysia |
| language | English |
| last_indexed | 2024-07-04T05:18:32Z |
| publishDate | 2009 |
| publisher | Kohat University of Science and Technology (KUST), Pakistan |
| record_format | dspace |
| spelling | uum-22612011-02-21T03:52:57Z https://repo.uum.edu.my/id/eprint/2261/ A traffic signature-based algorithm for detecting scanning internet worms M. Rasheed, Mohammad Ghazali, Osman Md Norwawi, Norita M. Kadhum, Mohammed TK Electrical engineering. Electronics Nuclear engineering Internet worms that spread autonomously from one host to another cause major problem in today’s networks. On 25th January 2003, “Slammer” was released into the internet and after ten minutes the worm infected more than 90% of vulnerable hosts.Worms cause damage to the network by consuming its resources such as bandwidth. In this paper, we propose a method for detecting traffic signature for unknown internet worm. The proposed method has two algorithms. The first part is an Intelligent Failure Connection Algorithm (IFCA) using Artificial Immune System; IFCA is concerned with detecting the internet worm and stealthy worm. In order to reduce the number of false alarm, the impact of normal network activities is involved but TCP failure and ICMP unreachable connection on same IP address are not calculated because the internet worm strategic attack on the different IP address. The second algorithm Traffic Signature Algorithm (TSA) is concerned with capturing traffic signature of the scanning internet worm. In this paper, we show that the proposed method can detect traffic signature for MSBlaster worm. Kohat University of Science and Technology (KUST), Pakistan 2009-12 Article PeerReviewed application/pdf en https://repo.uum.edu.my/id/eprint/2261/1/A_Traffic_Signature-based_Algorithm_for_Detecting.pdf M. Rasheed, Mohammad and Ghazali, Osman and Md Norwawi, Norita and M. Kadhum, Mohammed (2009) A traffic signature-based algorithm for detecting scanning internet worms. International Journal of Communication Networks and Information Security (IJCNIS), 1 (3). pp. 24-30. ISSN 2076-0930 http://ijcnis.kust.edu.pk/issue/view/427 |
| spellingShingle | TK Electrical engineering. Electronics Nuclear engineering M. Rasheed, Mohammad Ghazali, Osman Md Norwawi, Norita M. Kadhum, Mohammed A traffic signature-based algorithm for detecting scanning internet worms |
| title | A traffic signature-based algorithm for detecting
scanning internet worms |
| title_full | A traffic signature-based algorithm for detecting
scanning internet worms |
| title_fullStr | A traffic signature-based algorithm for detecting
scanning internet worms |
| title_full_unstemmed | A traffic signature-based algorithm for detecting
scanning internet worms |
| title_short | A traffic signature-based algorithm for detecting
scanning internet worms |
| title_sort | traffic signature based algorithm for detecting scanning internet worms |
| topic | TK Electrical engineering. Electronics Nuclear engineering |
| url | https://repo.uum.edu.my/id/eprint/2261/1/A_Traffic_Signature-based_Algorithm_for_Detecting.pdf |
| work_keys_str_mv | AT mrasheedmohammad atrafficsignaturebasedalgorithmfordetectingscanninginternetworms AT ghazaliosman atrafficsignaturebasedalgorithmfordetectingscanninginternetworms AT mdnorwawinorita atrafficsignaturebasedalgorithmfordetectingscanninginternetworms AT mkadhummohammed atrafficsignaturebasedalgorithmfordetectingscanninginternetworms AT mrasheedmohammad trafficsignaturebasedalgorithmfordetectingscanninginternetworms AT ghazaliosman trafficsignaturebasedalgorithmfordetectingscanninginternetworms AT mdnorwawinorita trafficsignaturebasedalgorithmfordetectingscanninginternetworms AT mkadhummohammed trafficsignaturebasedalgorithmfordetectingscanninginternetworms |