An efficient signature-based approach for automatic detection of internet worms over large-scale networks

Kumar Simkhada; Tarik Taleb; Yuji Waizumi; Abbas Jamalipour; Nei Kato; Yoshiaki Nemoto

doi:10.1109/ICC.2006.255123

An efficient signature-based approach for automatic detection of internet worms over large-scale networks

Kumar Simkhada, Tarik Taleb, Yuji Waizumi, Abbas Jamalipour, Nei Kato, Yoshiaki Nemoto

INF - Applied Information Sciences

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

5 Citations (Scopus)

Abstract

Internet Worms pose a serious threat to today's Internet. Signature matching is an important approach to detect worms. However, as most signature development processes are manual, they require significant time. They are thus not efficient in reducing the damage worms may cause. In this paper, an efficient signature-based method is proposed for automatic detection of worms over large-scale networks. In the proposed system, detection is performed in a hierarchical manner. Security managers of local networks collect worm-like or suspicious flows and handle these flows to high-hierarchy metropolitan managers. In response, the latter use this information to generate robust signature. The global manager which lies on top of the hierarchy, multicasts the signature to local managers via metropolitan managers. This enables local managers to detect worms that try to penetrate into their networks. The proposed system is evaluated using an off-line real network traffic that contains traces of worms. Experimental results indicate that the proposed system exhibits high detection rates with low false alarm rates.

Original language	English
Title of host publication	2006 IEEE International Conference on Communications, ICC 2006
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	2364-2369
Number of pages	6
ISBN (Print)	1424403553, 9781424403554
DOIs	https://doi.org/10.1109/ICC.2006.255123
Publication status	Published - 2006
Event	2006 IEEE International Conference on Communications, ICC 2006 - Istanbul, Turkey Duration: 2006 Jul 11 → 2006 Jul 15

Publication series

Name	IEEE International Conference on Communications
Volume	5
ISSN (Print)	0536-1486

Conference

Conference	2006 IEEE International Conference on Communications, ICC 2006
Country/Territory	Turkey
City	Istanbul
Period	06/7/11 → 06/7/15

Access to Document

10.1109/ICC.2006.255123

Cite this

Simkhada, K., Taleb, T., Waizumi, Y., Jamalipour, A., Kato, N., & Nemoto, Y. (2006). An efficient signature-based approach for automatic detection of internet worms over large-scale networks. In 2006 IEEE International Conference on Communications, ICC 2006 (pp. 2364-2369). Article 4024518 (IEEE International Conference on Communications; Vol. 5). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ICC.2006.255123

@inproceedings{378f9f5a3d0946daa4fe3d0491008e66,

title = "An efficient signature-based approach for automatic detection of internet worms over large-scale networks",

abstract = "Internet Worms pose a serious threat to today's Internet. Signature matching is an important approach to detect worms. However, as most signature development processes are manual, they require significant time. They are thus not efficient in reducing the damage worms may cause. In this paper, an efficient signature-based method is proposed for automatic detection of worms over large-scale networks. In the proposed system, detection is performed in a hierarchical manner. Security managers of local networks collect worm-like or suspicious flows and handle these flows to high-hierarchy metropolitan managers. In response, the latter use this information to generate robust signature. The global manager which lies on top of the hierarchy, multicasts the signature to local managers via metropolitan managers. This enables local managers to detect worms that try to penetrate into their networks. The proposed system is evaluated using an off-line real network traffic that contains traces of worms. Experimental results indicate that the proposed system exhibits high detection rates with low false alarm rates.",

author = "Kumar Simkhada and Tarik Taleb and Yuji Waizumi and Abbas Jamalipour and Nei Kato and Yoshiaki Nemoto",

year = "2006",

doi = "10.1109/ICC.2006.255123",

language = "English",

isbn = "1424403553",

series = "IEEE International Conference on Communications",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "2364--2369",

booktitle = "2006 IEEE International Conference on Communications, ICC 2006",

address = "United States",

note = "2006 IEEE International Conference on Communications, ICC 2006 ; Conference date: 11-07-2006 Through 15-07-2006",

}

Simkhada, K, Taleb, T, Waizumi, Y, Jamalipour, A, Kato, N & Nemoto, Y 2006, An efficient signature-based approach for automatic detection of internet worms over large-scale networks. in 2006 IEEE International Conference on Communications, ICC 2006., 4024518, IEEE International Conference on Communications, vol. 5, Institute of Electrical and Electronics Engineers Inc., pp. 2364-2369, 2006 IEEE International Conference on Communications, ICC 2006, Istanbul, Turkey, 06/7/11. https://doi.org/10.1109/ICC.2006.255123

An efficient signature-based approach for automatic detection of internet worms over large-scale networks. / Simkhada, Kumar; Taleb, Tarik; Waizumi, Yuji et al.
2006 IEEE International Conference on Communications, ICC 2006. Institute of Electrical and Electronics Engineers Inc., 2006. p. 2364-2369 4024518 (IEEE International Conference on Communications; Vol. 5).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - An efficient signature-based approach for automatic detection of internet worms over large-scale networks

AU - Simkhada, Kumar

AU - Taleb, Tarik

AU - Waizumi, Yuji

AU - Jamalipour, Abbas

AU - Kato, Nei

AU - Nemoto, Yoshiaki

PY - 2006

Y1 - 2006

N2 - Internet Worms pose a serious threat to today's Internet. Signature matching is an important approach to detect worms. However, as most signature development processes are manual, they require significant time. They are thus not efficient in reducing the damage worms may cause. In this paper, an efficient signature-based method is proposed for automatic detection of worms over large-scale networks. In the proposed system, detection is performed in a hierarchical manner. Security managers of local networks collect worm-like or suspicious flows and handle these flows to high-hierarchy metropolitan managers. In response, the latter use this information to generate robust signature. The global manager which lies on top of the hierarchy, multicasts the signature to local managers via metropolitan managers. This enables local managers to detect worms that try to penetrate into their networks. The proposed system is evaluated using an off-line real network traffic that contains traces of worms. Experimental results indicate that the proposed system exhibits high detection rates with low false alarm rates.

AB - Internet Worms pose a serious threat to today's Internet. Signature matching is an important approach to detect worms. However, as most signature development processes are manual, they require significant time. They are thus not efficient in reducing the damage worms may cause. In this paper, an efficient signature-based method is proposed for automatic detection of worms over large-scale networks. In the proposed system, detection is performed in a hierarchical manner. Security managers of local networks collect worm-like or suspicious flows and handle these flows to high-hierarchy metropolitan managers. In response, the latter use this information to generate robust signature. The global manager which lies on top of the hierarchy, multicasts the signature to local managers via metropolitan managers. This enables local managers to detect worms that try to penetrate into their networks. The proposed system is evaluated using an off-line real network traffic that contains traces of worms. Experimental results indicate that the proposed system exhibits high detection rates with low false alarm rates.

UR - http://www.scopus.com/inward/record.url?scp=42549139829&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=42549139829&partnerID=8YFLogxK

U2 - 10.1109/ICC.2006.255123

DO - 10.1109/ICC.2006.255123

M3 - Conference contribution

AN - SCOPUS:42549139829

SN - 1424403553

SN - 9781424403554

T3 - IEEE International Conference on Communications

SP - 2364

EP - 2369

BT - 2006 IEEE International Conference on Communications, ICC 2006

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 2006 IEEE International Conference on Communications, ICC 2006

Y2 - 11 July 2006 through 15 July 2006

ER -

Simkhada K, Taleb T, Waizumi Y, Jamalipour A, Kato N, Nemoto Y. An efficient signature-based approach for automatic detection of internet worms over large-scale networks. In 2006 IEEE International Conference on Communications, ICC 2006. Institute of Electrical and Electronics Engineers Inc. 2006. p. 2364-2369. 4024518. (IEEE International Conference on Communications). doi: 10.1109/ICC.2006.255123

An efficient signature-based approach for automatic detection of internet worms over large-scale networks

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this