Worm detection and signature extraction based on communication characteristics

XIN Yi1; FANG Bin-xing1; HE Long-tao2; YUN Xiao-chun2; LI Zhi-dong1

Tongxin xuebao (Jan 2007)

Worm detection and signature extraction based on communication characteristics

XIN Yi1,
FANG Bin-xing1,
HE Long-tao2,
YUN Xiao-chun2,
LI Zhi-dong1

Affiliations

XIN Yi1
FANG Bin-xing1
HE Long-tao2
YUN Xiao-chun2
LI Zhi-dong1

Abstract

Read online

Worm detection and signature extraction was presented based on analysis of similar communication character-istics,which identifies the distinct communication pattern of worm spread,and evaluates the similarity metric of commu-nication characteristic sets,and detects worms by detecting their infectivity with higher detection precision,generality and adaptability.Based on this,a heuristic detection framework is designed,which eliminates non-worm traffic from protocol,sequence,and content in three levels via blind,intent and lock track,then filters out worm packets and extracts signatures.The technique reduces data collection volume and analysis cost dramatically,and can detection worm and ex-tract signature quickly in the environment with high strength background noise.

worm;communication characteristics;detection;signature extraction

Published in Tongxin xuebao

ISSN: 1000-436X (Print)
Publisher: Editorial Department of Journal on Communications
Country of publisher: China
LCC subjects: Technology: Electrical engineering. Electronics. Nuclear engineering: Telecommunication
Website: http://www.infocomm-journal.com/txxb/EN/1000-436X/home.shtml

About the journal

Abstract

Keywords