CFP last date
20 June 2024
Reseach Article

A Tour of the Computer Worm Detection Space

by Nelson Ochieng, Waweru Mwangi, Ismael Ateya
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 104 - Number 1
Year of Publication: 2014
Authors: Nelson Ochieng, Waweru Mwangi, Ismael Ateya
10.5120/18169-9045

Nelson Ochieng, Waweru Mwangi, Ismael Ateya . A Tour of the Computer Worm Detection Space. International Journal of Computer Applications. 104, 1 ( October 2014), 29-33. DOI=10.5120/18169-9045

@article{ 10.5120/18169-9045,
author = { Nelson Ochieng, Waweru Mwangi, Ismael Ateya },
title = { A Tour of the Computer Worm Detection Space },
journal = { International Journal of Computer Applications },
issue_date = { October 2014 },
volume = { 104 },
number = { 1 },
month = { October },
year = { 2014 },
issn = { 0975-8887 },
pages = { 29-33 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume104/number1/18169-9045/ },
doi = { 10.5120/18169-9045 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T22:35:03.500321+05:30
%A Nelson Ochieng
%A Waweru Mwangi
%A Ismael Ateya
%T A Tour of the Computer Worm Detection Space
%J International Journal of Computer Applications
%@ 0975-8887
%V 104
%N 1
%P 29-33
%D 2014
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Computer worm detection has been a challenging and often elusive task. This is partly because of the difficulty of accurately modeling either the normal behavior of computer networks or the malicious actions of computer worms. This paper presents a literature review on the worm detection techniques, highlighting the worm characteristics leveraged for detection and the limitations of the various detection techniques. The paper broadly categorizes the worm detection approaches into content signature based detection, polymorphic worm detection, anomaly based detection, and behavioral signature based detection. The gap in the literature in the techniques is indicated and is the main contribution of the paper.

References
  1. Ellis, D. 2003. Worm anatomy and model. Proceedings of the 2003 ACM workshop on Rapid malcode, 42-50.
  2. Moore, D. , Shannon, C. & Brown, J. 2002. Code Red: a case study on the spread and victims of an internet worm. In the proceedings of the internet Measurement Workshop
  3. Moore, D. , Paxson, V. , Savage, S. , Shannon, C. , Staniford, S. &Weaver, N. 2003. Inside the Slammer Worm. IEEE Security and Privacy, vol. 1, no. 14, 33-39
  4. Staniford, S. , Paxson, V. , & Weaver, N. 2002. How to Own the Internet in Your Spare Time. In USENIX Security Symposium, 149-167
  5. Li, P. , Salour, M. , & Su, X. 2008. A survey of internet worm detection and containment. Communications Surveys & Tutorials, IEEE, 10(1), 20-35
  6. Weaver, N. , Paxson, V. , Staniford, S. , & Cunningham, R. 2003. A taxonomy of computer worms. In Proceedings of the 2003 ACM workshop on Rapid malcode, 11-18.
  7. Singh, S. , Estan, C. , Varghese, G. , & Savage, S. 2004. Automated Worm Fingerprinting. In OSDI Vol. 4.
  8. Karamcheti, V. , Geiger, D. , Kedem, Z. , &Muthukrishnan, S. 2005. Detecting malicious network traffic using inverse distributions of packet contents. In Proceedings of the 2005 ACM SIGCOMM workshop on mining network data, 165-170.
  9. Abou-Assaleh, T. , Cercone, N. , Keselj, V. , &Sweidan, R. 2004. Detection of New Malicious Code Using N-grams Signatures. In PST, 193-196.
  10. Kim, H. A. , & Karp, B. 2004. Autograph: Toward Automated, Distributed Worm Signature Detection. In USENIX security symposium, Vol. 286
  11. Collberg, C. , Thomborson, C. , Low, D. 1997. A Taxonomy of obfuscating transformations. Technical Report 148, University of Auckland.
  12. Newsome, J. , Karp, B. , & Song, D. 2005. Polygraph: Automatically generating signatures for polymorphic worms. In Security and Privacy, 2005 IEEE Symposium, 226-241.
  13. Kruegel, C. , Kirda, E. , Mutz, D. , Robertson, W. , &Vigna, G. 2006. Polymorphic worm detection using structural information of executables. In Recent Advances in Intrusion Detection, 207-226. Springer Berlin Heidelberg
  14. Tang, Y. , & Chen, S. 2007. An automated signature-based approach against polymorphic internet worms. Parallel and Distributed Systems, IEEE Transactions on, 18(7), 879-892
  15. Wang, L. , Li, Z. , Chen, Y. , Fu, Z. , & Li, X. 2010. Thwarting zero-day polymorphic worms with network-level length-based signature generation. IEEE/ACM Transactions on Networking (TON), 18(1), 53-66.
  16. Kinder, J. , Katzenbeisser, S. , Schallhart, C. , &Veith, H. 2010. Proactive detection of computer worms using model checking. Dependable and Secure Computing, IEEE Transactions on, 7(4), 424-438.
  17. Jiang, X. , & Zhu, X. (2009). vEye: behavioral footprinting for self-propagating worm detection and profiling. Knowledge and information systems, 18(2), 231-262
  18. Jacob, G. , Debar, H. , & Filiol, E. 2008. Behavioral detection of malware: from a survey towards an established taxonomy. Journal in computer Virology, 4(3), 251-266
  19. Li, J. , Stafford, S. , & Ehrenkranz, T. 2006. SWORD: Self-propagating worm observation and rapid detection. University of Oregon, Tech. Rep. CIS-TR-2006-03
  20. Mahoney, M. V. , & Chan, P. K. 2001. PHAD: Packet header anomaly detection for identifying hostile network traffic.
  21. Gu, G. , Sharif, M. , Qin, X. , Dagon, D. , Lee, W. , & Riley, G. 2004. Worm detection, early warning and response based on local victim information. In Computer Security Applications Conference, 2004. 20th Annual, 136-145.
  22. Whyte, D. , Kranakis, E. V. A. N. G. E. L. O. S. , & Van Oorschot, P. 2005. ARP-based detection of scanning worms within an enterprise network. In Proceedings of the Annual Computer Security Applications Conference (ACSAC)
  23. Whyte, D. , Kranakis, E. , & van Oorschot, P. C. 2005. DNS-based Detection of Scanning Worms in an Enterprise Network. In NDSS
  24. Chan, J. , Leckie, C. , & Peng, T. 2006. Hitlist worm detection using source ip address history. In Proceedings of Australian Telecommunication Networks and Applications Conference.
  25. Xia, J. , Vangala, S. , Wu, J. , Gao, L. , & Kwiat, K. 2006. Effective worm detection for various scan techniques. Journal of Computer Security, 14(4), 359-387
  26. Anbar, M. , Manasrah, A. , &Manickam, S. 2012. Statistical cross-relation approach for detecting TCP and UDP random and sequential network scanning (SCANS). International Journal of Computer Mathematics, 89 (15), 1952-1969.
  27. Yu, W. , Wang, X. , Calyam, P. , Xuan, D. , & Zhao, W. 2011. Modeling and detection of camouflaging worm. Dependable and Secure Computing, IEEE Transactions on, 8(3), 377-390.
Index Terms

Computer Science
Information Sciences

Keywords

Computer worm computer worm detection intrusion detection detection techniques