An Integrated Approach to Detection of Fast and Slow Scanning Worms

机译：一种用于检测快速和慢速扫描蠕虫的集成方法

获取原文

获取原文并翻译 | 示例

页面导航

摘要
著录项
相似文献
相关主题

摘要

The propagation speed of fast scanning worms and the stealthy nature of slow scanning worms present unique challenges to intrusion detection. Typically, techniques optimized for detection of fast scanning worms fail to detect slow scanning worms, and vice versa. In practice, there is interest in developing an integrated approach to detecting both classes of worms. In this paper, we propose and analyze a unique integrated detection approach capable of detecting and identifying traffic flow(s) responsible for simultaneous fast and slow scanning malicious worm attacks. The approach uses a combination of evidence from distributed host-based anomaly detectors, a self-adapting profiler and Bayesian inference from network heuristics to detect intrusion activity due to both fast and slow scanning worms. We assume that the extreme nature of fast scanning worm epidemics make them well suited for extreme value theory and use sample mean excess function to determine appropriate thresholds for detection of such worms. Random scanning worm behavior is considered in analyzing the stochastic time intervals that affect behavior of the detection technique. Based on the analysis, a probability model for worm detection interval using the detection scheme was developed. Simulations are used to validate our assumptions and analysis.

机译：快速扫描蠕虫的传播速度和慢速扫描蠕虫的隐秘性质对入侵检测提出了独特的挑战。通常，为检测快速扫描蠕虫而优化的技术无法检测到慢速扫描蠕虫，反之亦然。在实践中，有兴趣开发一种用于检测两种蠕虫的集成方法。在本文中，我们提出并分析了一种独特的集成检测方法，该方法能够检测和识别负责同时快速和缓慢扫描恶意蠕虫攻击的流量。该方法结合了来自基于主机的分布式异常检测器的证据，自适应分析器以及来自网络启发式方法的贝叶斯推断，以检测由于快慢蠕虫引起的入侵活动。我们假设快速扫描蠕虫流行病的极端性质使其非常适合极值理论，并使用样本均值过剩函数确定检测此类蠕虫的适当阈值。在分析影响检测技术行为的随机时间间隔时，应考虑使用随机扫描蠕虫行为。在此基础上，建立了利用该检测方案的蠕虫检测间隔概率模型。仿真用于验证我们的假设和分析。

著录项

来源
《4th ACM symposium on information, computer and communications security 2009》|2009年|P.80-91|共12页
会议地点 Sydney(AU);Sydney(AU)
作者
Frank Akujobi; Ioannis Lambadaris; Evangelos Kranakis;
展开▼
作者单位

Department of Systems and Computer Engineering Carleton University 1125 Colonel By Dr., Ottawa, ON K1S 5B6, Canada;

rnDepartment of Systems and Computer Engineering Carleton University 1125 Colonel By Dr., Ottawa, ON K1S 5B6, Canada;

rnDepartment of Computer Science Carleton University 1125 Colonel By Dr., Ottawa, ON K1S 5B6, Canada;

展开▼
会议组织
原文格式 PDF
正文语种 eng
中图分类安全信息论;
关键词
worms; anomaly detection; bayesian inference; detection interval; probability model;

机译：蠕虫异常检测；贝叶斯推理检测间隔概率模型;

相似文献

外文文献
中文文献
专利

1. Fast Detection of Stealth and Slow Scanning Worms in Transmission Control Protocol [J] . Mohammad M. Rasheed, Osman Ghazali, Rahmat Budiarto Journal of Applied Sciences . 2012,第20期

机译：快速检测传输控制协议中的隐身和慢扫描蠕虫
2. Fast Detection of Stealth and Slow Scanning Worms in Transmission Control Protocol [J] . Mohammad M. Rasheed, Osman Ghazali, Rahmat Budiarto Journal of Applied Sciences . 2012,第20期

机译：快速检测传输控制协议中的隐身和慢扫描蠕虫
3. A Host-Based Approach for Unknown Fast-Spreading Worm Detection and Containment [J] . SONGQING CHEN, LEI LIU, XINYUAN WANG, ACM transactions on autonomous and adaptive systems . 2013,第4期

机译：基于主机的未知快速传播蠕虫检测和遏制方法
4. An integrated approach to detection of fast and slow scanning worms [C] . Frank Akujobi, Ioannis Lambadaris, Evangelos Kranakis Proceedings of the 4th International Symposium on Information, Computer, and Communications Security . 2009

机译：一种检测快速和慢速扫描蠕虫的集成方法
5. Runtime detection of active scanning worms. [D] . Preston, Andrew. 2008

机译：活动扫描蠕虫的运行时检测。
6. MutScan: fast detection and visualization of target mutations by scanning FASTQ data [O] . Shifu Chen, Tanxiao Huang, Tiexiang Wen, 2018

机译：MutScan：通过扫描FASTQ数据快速检测和可视化目标突变
7. An Integrated Approach to Detection of Fast and Slow Scanning Worms [O] . Frank Akujobi, Ioannis Lambadaris, Evangelos Kranakis 2009

机译：一种检测快速和慢速扫描蠕虫的综合方法

An Integrated Approach to Detection of Fast and Slow Scanning Worms

摘要

著录项

相似文献

相关主题

期刊订阅