20-07-2012, 04:57 PM
MODELING AND DETECTING OF CAMOUFLAGING WORM
76422781-Modeling-and-Detecting-c-Worm (1).pptx (Size: 467.2 KB / Downloads: 81)
ABSTRACT:
Active worm’s causes major security threats to the Internet. Active worms evolve during their propagation and thus pose great challenges to defend against them. C-Worm camouflages its propagation from existing worm detection systems based on analyzing the propagation traffic generated by worms.
Our scheme uses the Power Spectral Density (PSD) distribution of the scan traffic volume and its corresponding Spectral Flatness Measure (SFM) to distinguish the C-Worm traffic from background traffic.
INTRODUCTION:
An active worm refers to a malicious software program that propagates itself on the Internet to infect other computers.
BOTNETS
(a) Distributed Denial-of-Service (DDoS)
(b) access confidential information that can be misused
© destroy data that has a high monetary value
(d) Spam E-Mails
SUPER BOTNETS
EXISTING SYSTEM :
The C-Worm is quite different from traditional worms in which it camouflages any noticeable trends in the number of infected computers over time. The camouflage is achieved by manipulating the scan traffic volume of worm-infected computers. Such a manipulation of the scan traffic volume prevents exhibition of any exponentially increasing trends or even crossing of thresholds that are tracked by existing detection schemes.
DRAWBACK IN EXISTING SYSTEM:
C-Worm scan traffic shows no noticeable trends in the time domain, it demonstrates a distinct pattern in the frequency domain. Specifically, there is an obvious concentration within a narrow range of frequencies. This concentration within a narrow range of frequencies is inevitable since the C-Worm adapts to the dynamics of the Internet in a recurring manner for manipulating and controlling its overall scan traffic volume.
PROPOSED SYSTEM:
We adopt frequency domain analysis techniques and develop a detection scheme against Wide-spreading of the C-Worm. Particularly, we develop a novel spectrum-based detection scheme that uses the Power Spectral Density (PSD) distribution of scan traffic volume in the frequency domain and its corresponding Spectral Flatness Measure (SFM) to distinguish the C-Worm traffic from non worm traffic (background traffic).
ADVANTAGES IN PROPOSED SYSTEM :
Our evaluation data clearly demonstrate that our spectrum-based detection scheme achieves much better detection performance against the C-Worm propagation compared with existing detection schemes. Our evaluation also shows that our spectrum-based detection scheme is general enough to be used for effective detection of traditional worms as well.
CONCLUSION :
There By , We conclude that using the PSD & SFM Measures we are going to Model and Detect the active Camouflage – Worm effectively and more efficiently than the existing mechanisms.
76422781-Modeling-and-Detecting-c-Worm (1).pptx (Size: 467.2 KB / Downloads: 81)
ABSTRACT:
Active worm’s causes major security threats to the Internet. Active worms evolve during their propagation and thus pose great challenges to defend against them. C-Worm camouflages its propagation from existing worm detection systems based on analyzing the propagation traffic generated by worms.
Our scheme uses the Power Spectral Density (PSD) distribution of the scan traffic volume and its corresponding Spectral Flatness Measure (SFM) to distinguish the C-Worm traffic from background traffic.
INTRODUCTION:
An active worm refers to a malicious software program that propagates itself on the Internet to infect other computers.
BOTNETS
(a) Distributed Denial-of-Service (DDoS)
(b) access confidential information that can be misused
© destroy data that has a high monetary value
(d) Spam E-Mails
SUPER BOTNETS
EXISTING SYSTEM :
The C-Worm is quite different from traditional worms in which it camouflages any noticeable trends in the number of infected computers over time. The camouflage is achieved by manipulating the scan traffic volume of worm-infected computers. Such a manipulation of the scan traffic volume prevents exhibition of any exponentially increasing trends or even crossing of thresholds that are tracked by existing detection schemes.
DRAWBACK IN EXISTING SYSTEM:
C-Worm scan traffic shows no noticeable trends in the time domain, it demonstrates a distinct pattern in the frequency domain. Specifically, there is an obvious concentration within a narrow range of frequencies. This concentration within a narrow range of frequencies is inevitable since the C-Worm adapts to the dynamics of the Internet in a recurring manner for manipulating and controlling its overall scan traffic volume.
PROPOSED SYSTEM:
We adopt frequency domain analysis techniques and develop a detection scheme against Wide-spreading of the C-Worm. Particularly, we develop a novel spectrum-based detection scheme that uses the Power Spectral Density (PSD) distribution of scan traffic volume in the frequency domain and its corresponding Spectral Flatness Measure (SFM) to distinguish the C-Worm traffic from non worm traffic (background traffic).
ADVANTAGES IN PROPOSED SYSTEM :
Our evaluation data clearly demonstrate that our spectrum-based detection scheme achieves much better detection performance against the C-Worm propagation compared with existing detection schemes. Our evaluation also shows that our spectrum-based detection scheme is general enough to be used for effective detection of traditional worms as well.
CONCLUSION :
There By , We conclude that using the PSD & SFM Measures we are going to Model and Detect the active Camouflage – Worm effectively and more efficiently than the existing mechanisms.