ACTM: Anomaly Connection Tree Method to detect silent worms

Nobutaka Kawaguchi, Yusuke Azuma, Shintaro Ueda, Hiroshi Shigeno, Ken Ichi Okada

Research output: Chapter in Book/Report/Conference proceedingConference contribution

6 Citations (Scopus)

Abstract

In this paper we propose a novel worm detection method that can detect silent worms in intranet. Most existing detection methods use aggressive activities of worms as a clue for detection and are ineffective against worms that propagate silently using a list of vulnerable hosts. To detect such worms, we propose Anomaly Connection Tree Method (ACTM). ACTM uses two features present to most worms. First is that the worms's propagation behaviour is expressed as tree-like structures. Second is that the worm's selection of infection targets does not consider which hosts its infected host communicates to frequently. Then, by constructing trees that are composed of anomaly connections, ACTM detects the existence of such worms. Through the simulation results, we have shown that ACTM can detect the worms in an early stage.

Original languageEnglish
Title of host publicationProceedings - 20th International Conference on Advanced Information Networking and Applications
Pages901-906
Number of pages6
DOIs
Publication statusPublished - 2006 Nov 22
Event20th International Conference on Advanced Information Networking and Applications - Vienna, Austria
Duration: 2006 Apr 182006 Apr 20

Publication series

NameProceedings - International Conference on Advanced Information Networking and Applications, AINA
Volume1
ISSN (Print)1550-445X

Other

Other20th International Conference on Advanced Information Networking and Applications
CountryAustria
CityVienna
Period06/4/1806/4/20

    Fingerprint

ASJC Scopus subject areas

  • Engineering(all)

Cite this

Kawaguchi, N., Azuma, Y., Ueda, S., Shigeno, H., & Okada, K. I. (2006). ACTM: Anomaly Connection Tree Method to detect silent worms. In Proceedings - 20th International Conference on Advanced Information Networking and Applications (pp. 901-906). [1620301] (Proceedings - International Conference on Advanced Information Networking and Applications, AINA; Vol. 1). https://doi.org/10.1109/AINA.2006.70