
A Distributed Framework for the Detection of New Worm-Related Malware

  • Conference paper
Intelligence and Security Informatics (EuroIsI 2008)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 5376)

Abstract

Detection and containment of unknown malware are challenging tasks. In this research we propose an innovative distributed framework for the detection and containment of new worm-related malware. The framework consists of distributed agents installed on several client computers and a Centralized Decision Maker (CDM) module that interacts with the agents. The detection process is performed in two phases. In the first phase, agents detect potential malware on their local machines and send their detection results to the CDM. In the second phase, the CDM builds a propagation graph for every potential malware. These propagation graphs are compared to known malware propagation characteristics in order to determine whether the potential malware is indeed malware. All agents are then notified of the final decision so that they can start the containment process. The new framework was evaluated and the results are promising.
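The two-phase flow described in the abstract, sketched as an added example (not the paper's own code or data): constructed agent reports are aggregated by a CDM into a per-sample propagation graph, and a simple worm-likeness test over that graph stands in for the paper's comparison against known propagation characteristics. The test used here (geometric growth of infected hosts across consecutive time windows plus fan-out greater than one) is an assumed illustrative heuristic, not the authors' method.

```python
from collections import defaultdict

# Constructed phase-1 reports, not data from the paper.
# Each tuple: (reporting agent, sample id, minute first seen, host it arrived from)
REPORTS = [
    ("h1", "sample-A", 0, None),
    ("h2", "sample-A", 1, "h1"), ("h3", "sample-A", 1, "h1"),
    ("h4", "sample-A", 2, "h2"), ("h5", "sample-A", 2, "h2"),
    ("h6", "sample-A", 2, "h3"), ("h7", "sample-A", 2, "h3"),
    ("h8", "sample-A", 3, "h4"), ("h9", "sample-A", 3, "h5"),
    # Two isolated detections with no observed spread between hosts.
    ("h1", "sample-B", 0, None), ("h4", "sample-B", 5, None),
]


def build_propagation_graph(reports):
    """Phase 2, step 1: per sample, record source->target edges and the
    earliest time each host reported the sample."""
    graphs = defaultdict(lambda: {"edges": defaultdict(set), "first_seen": {}})
    for agent, sample, t, src in reports:
        g = graphs[sample]
        g["first_seen"][agent] = min(t, g["first_seen"].get(agent, t))
        if src is not None:
            g["edges"][src].add(agent)
    return graphs


def worm_like(graph, min_hosts=5, min_growth=1.5, min_windows=2):
    """Assumed heuristic (not the paper's): the cumulative number of infected
    hosts must grow by at least min_growth in at least min_windows consecutive
    one-minute windows, and some host must have infected more than one other."""
    times = sorted(graph["first_seen"].values())
    if len(times) < min_hosts:
        return False
    lo, hi = times[0], times[-1]
    cum = [sum(1 for x in times if x <= t) for t in range(lo, hi + 1)]
    growth = sum(1 for a, b in zip(cum, cum[1:]) if b >= min_growth * a)
    fanout = max((len(v) for v in graph["edges"].values()), default=0)
    return growth >= min_windows and fanout > 1


def decide(reports):
    """Phase 2, step 2: the decision the CDM would broadcast to every agent,
    keyed by sample id (True = start containment)."""
    graphs = build_propagation_graph(reports)
    return {sample: worm_like(g) for sample, g in graphs.items()}


if __name__ == "__main__":
    print(decide(REPORTS))
```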




Copyright information

© 2008 Springer-Verlag Berlin Heidelberg


Cite this paper

Rozenberg, B., Gudes, E., Elovici, Y. (2008). A Distributed Framework for the Detection of New Worm-Related Malware. In: Ortiz-Arroyo, D., Larsen, H.L., Zeng, D.D., Hicks, D., Wagner, G. (eds) Intelligence and Security Informatics. EuroIsI 2008. Lecture Notes in Computer Science, vol 5376. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-89900-6_19


  • DOI: https://doi.org/10.1007/978-3-540-89900-6_19

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-89899-3

  • Online ISBN: 978-3-540-89900-6
