CFP last date
22 April 2024
Reseach Article

Comparative Analysis of Behavioral Classification of Computer Networks and Early Warning System for Worm Detection

by Olabode O, Adebayo O. T, Iwasokun G. B
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 66 - Number 17
Year of Publication: 2013
Authors: Olabode O, Adebayo O. T, Iwasokun G. B
10.5120/11173-6088

Olabode O, Adebayo O. T, Iwasokun G. B . Comparative Analysis of Behavioral Classification of Computer Networks and Early Warning System for Worm Detection. International Journal of Computer Applications. 66, 17 ( March 2013), 1-8. DOI=10.5120/11173-6088

@article{ 10.5120/11173-6088,
author = { Olabode O, Adebayo O. T, Iwasokun G. B },
title = { Comparative Analysis of Behavioral Classification of Computer Networks and Early Warning System for Worm Detection },
journal = { International Journal of Computer Applications },
issue_date = { March 2013 },
volume = { 66 },
number = { 17 },
month = { March },
year = { 2013 },
issn = { 0975-8887 },
pages = { 1-8 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume66/number17/11173-6088/ },
doi = { 10.5120/11173-6088 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T21:22:38.169612+05:30
%A Olabode O
%A Adebayo O. T
%A Iwasokun G. B
%T Comparative Analysis of Behavioral Classification of Computer Networks and Early Warning System for Worm Detection
%J International Journal of Computer Applications
%@ 0975-8887
%V 66
%N 17
%P 1-8
%D 2013
%I Foundation of Computer Science (FCS), NY, USA
Abstract

The effort required for detecting worm that threaten the reliability and stability of network resources is in the process of advancing, demanding increasingly sophisticated resources. A worm is a self-propagating program that infects other hosts based on a known vulnerability in network hosts. The spread of active worms does not need any human interaction. There is a growing demand for effective techniques to detect the presence of worms and to reduce the worms spread. Worms have become a major threat to the Internet due to their ability to rapidly, compromise large numbers of computers. This work presents a comparative analysis of behavioural classification of networks (BCN) and early warning system (EWS) to determine which one performs better in computer worm detection.

References
  1. Addison W and Lance S 2003Honeypots: Tracking Hackers.
  2. Berk V. H. , Gray R. S. , and Bakos G. 2003. Using sensor networks and data fusion for early detection of active worms. In Proceedings of the SPIE AeroSense,2003.
  3. Chen Z, Gao L, and Kwiat K 2003 Modeling the spread of active worms. In Proceedings of the IEEE INFOCOM 2003, March 2003.
  4. Shigang Chen, Sanjay Ranka 2004 Detecting Internet Worms at Early Stage
  5. John L, Richard L, Henry O, Didier C, and Brian C. 2003. The use of honeynets to detect exploited systems across large enterprise networks". In Proceedings of the 2003 IEEE Workshop on Information Assurance.
  6. Wu J, Vangala S, Gao L, and Kwiat K 2004. An efficient architecture and algorithm for detecting worms with various scan techniques. In Proceedings of the 11th Annual Network and Distributed System Security Symposium (NDSS'04), February 2004.
  7. Zou C. C. , Towsley D. ,Gong W and Cai S 2003. Routing worm: A fast, selective attack worm based on ip address information. Technical Report TR-03-CSE-06, Umass ECE Dept. , November 2003.
Index Terms

Computer Science
Information Sciences

Keywords

Nowadays excellent technology (i. e. anti-worms software packages) exists for detecting and eliminating known malicious codes. Typically anti-worms software packages inspect each file that enters the system looking for known signs (signatures) which uniquely identify an instance of known malicious codes. Nevertheless anti-worms technology is based on prior explicit knowledge of worm code signatures and cannot be used for detecting unknown worm codes. Following the appearance of a new worm a patch is provided by the operating system provider (if needed) and the anti-worm vendors update their signature-base accordingly. This solution is not perfect since worms propagate very rapidly and by the time local anti-worm software tools have been updated very expensive damage would have been inflicted by the worm.