An Innovative Signature Detection System for Polymorphic and Monomorphic Internet Worms Detection and Containment

Most current anti-worm systems and intrusion-detection systems use signature-based technology instead of anomaly-based technology. Signature-based technology can only detect known attacks with identified signatures. Existing anti-worm systems cannot detect unknown Internet scanning worms automatical...

Bibliographic Details
Main Author: Rasheed, Mohammad M.
Format: Thesis
Language: eng
Published: 2012
Online Access: https://etd.uum.edu.my/3353/1/MOHAMMAD_M._RASHEED.pdf
https://etd.uum.edu.my/3353/3/MOHAMMAD_M._RASHEED.pdf
id my-uum-etd.3353
institution Universiti Utara Malaysia
collection UUM ETD
advisor Ghazali, Osman
Budiarto, Rahmat
topic QA76 Computer software
description Most current anti-worm systems and intrusion-detection systems use signature-based technology instead of anomaly-based technology. Signature-based technology can only detect known attacks with identified signatures. Existing anti-worm systems cannot detect unknown Internet scanning worms automatically because these systems do not depend upon worm behaviour but upon the worm’s signature. Most detection algorithms used in current detection systems target only monomorphic worm payloads and offer no defence against polymorphic worms, which change the payload dynamically. Anomaly detection systems can detect unknown worms but usually suffer from a high false alarm rate. Detecting unknown worms is challenging, and the worm defence must be automated because worms spread quickly and can flood the Internet in a short time. This research proposes an accurate, robust and fast technique to detect and contain Internet worms (monomorphic and polymorphic). The detection technique uses specific failure connection statuses on specific protocols such as UDP, TCP, ICMP, TCP slow scanning and stealth scanning as characteristics of the worms, whereas the containment utilizes flags and labels of the segment header and the source and destination ports to generate the traffic signature of the worms. Experiments using eight different worms (monomorphic and polymorphic) in a testbed environment were conducted to verify the performance of the proposed technique. The experiment results showed that the proposed technique could detect stealth scanning up to 30 times faster than the technique proposed by another researcher and had no false-positive alarms for all scanning detection cases. The experiments showed the proposed technique was capable of containing the worm because of the traffic signature’s uniqueness.
qualification_name Ph.D.
qualification_level Doctorate
granting_institution Universiti Utara Malaysia
granting_department Awang Had Salleh Graduate School of Arts & Sciences