NIS08-1: A Multi-level Security Based Autonomic Parameter Selection Approach for an Effective and Early Detection of Internet Worms

Simkhada, Kumar; Taleb, Tarik; Waizumi, Yuji; Jamalipour, Abbas; Hashimoto, Kei; Kato, Nei; Nemoto, Y.

doi:10.1109/glocom.2006.302

Cited by 2 publications

(1 citation statement)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The proposed system, which is an extension of works presented in References [8,9], automatically detects novel worms through an anomaly analysis-based module. The newly detected worms are used to automatically generate the signature for the propagating worm.…”

Section: Introductionmentioning

confidence: 99%

Combating against internet worms in large‐scale networks: an autonomic signature‐based solution

Simkhada¹,

Taleb²,

Waizumi³

et al. 2008

Security Comm Networks

Self Cite

View full text Add to dashboard Cite

In this paper, we propose a signature-based hierarchical email worm detection (SHEWD) system to detect e-mail worms in large-scale networks. The proposed system detects novel worms and instantly generates their signatures. This feature helps to check the spread of any kind of worm-known or unknown.We envision a two-layer hierarchical architecture comprising local security managers (LSMs), metropolitan security managers (MSM), and a global security manager (GSM). Local managers collect suspicious flows and hand them to metropolitan managers. Metropolitan managers then use cluster analysis to sort worms from the suspicious flows. The sorted worms are used to generate the worm signature which is relayed to the global manager and then to all the collaborating networks. A separate scheme is proposed to automatically select suitable values of the system parameters. This parameter selection procedure takes into account the current network state and the threat level of the ongoing attack. The performance of the whole system is investigated using real network traffic with traces of worms. Experimental results demonstrate that the proposed scheme is capable to accurately detect email worms during the early phase of their propagations.

show abstract

Section: Introductionmentioning

confidence: 99%