29-05-2012, 05:14 PM
ACTIVE WORMS MODELING AND DETECTION
Introduction to Active Worms
Active worms pose major security threats to the Internet.
Active worms evolve during their propagation and thus pose great challenges to defenders.
These worms include the “Code-Red” worm and the “Slammer” worm.
A new class of active worms is referred to as the Camouflaging Worm (C-Worm for short).
Consequences of the worm
Strange files appeared in systems that were infected.
Strange log messages appeared in certain programs.
Some systems (1000s) were shut down because of the problems and because of the unknown threat of damage.
Problem statement
The C-Worm is different from traditional worms because of its ability to intelligently manipulate its scan traffic volume over time.
The C-Worm camouflages its propagation from existing worm detection systems based on analyzing the propagation traffic generated by worms.
Existing System
Existing worm detection schemes will not be able to detect such scan traffic patterns, so it is very important to understand such smart worms and develop new countermeasures to defend against them.
Existing detection schemes are based on a tacit assumption that each worm-infected computer keeps scanning the Internet and propagates itself at the highest possible speed.
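The blind spot described above, as an added example that is not part of the original slides: a volume-threshold detector is run over two constructed monitor traces, one where every infected host scans at a fixed maximum rate and one where the extra scan volume is kept bounded. All function names, parameters and traffic values are assumptions made for illustration.

```python
import random
import statistics

def background(steps, rng, mean=200.0, sd=15.0):
    """Constructed background scan counts seen by a monitor per interval."""
    return [max(0.0, rng.gauss(mean, sd)) for _ in range(steps)]

def full_speed_trace(steps, rng, n_vuln=10_000, i0=5, beta=0.05, seen=0.5):
    """Background plus scans from hosts that all scan at a fixed maximum rate
    (simple epidemic growth): the behaviour existing schemes assume."""
    infected, out = float(i0), []
    for noise in background(steps, rng):
        out.append(noise + seen * infected)
        infected += beta * infected * (1 - infected / n_vuln)
    return out

def volume_controlled_trace(steps, rng, start=50, cap=20.0):
    """Background plus a bounded extra volume after `start`: a constructed
    stand-in for scan traffic whose overall volume is manipulated over time."""
    trace = background(steps, rng)
    return [n + (rng.uniform(0, cap) if t >= start else 0.0)
            for t, n in enumerate(trace)]

def volume_alarm(trace, train=50, k=4.0, run=5):
    """First interval where the count exceeds baseline mean + k*sd for
    `run` consecutive intervals, or None if that never happens."""
    mu = statistics.mean(trace[:train])
    sd = statistics.stdev(trace[:train])
    streak = 0
    for t in range(train, len(trace)):
        streak = streak + 1 if trace[t] > mu + k * sd else 0
        if streak >= run:
            return t
    return None

def demo(seed=7, steps=300):
    """Alarm interval for each constructed trace: (full speed, controlled)."""
    fast = volume_alarm(full_speed_trace(steps, random.Random(seed)))
    slow = volume_alarm(volume_controlled_trace(steps, random.Random(seed)))
    return fast, slow

if __name__ == "__main__":
    fast, slow = demo()
    print("full-speed trace alarm interval:", fast)
    print("volume-controlled trace alarm interval:", slow)
```

The detector raises an alarm on the growing trace and stays silent on the bounded one, which is why a scheme built only on the full-speed assumption needs a complementary signal.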