A New User-Habit Based Approach for Early Warning of Worms

  • Ping Wang
  • Binxing Fang
  • Xiaochun Yun
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3802)


In the long term usage of the network, users will form certain types of habit according to their specific characteristics, individual hobbies and given restrictions. On the burst-out of worms, the overwhelming flow caused by random scanning will temporarily alter the behavior representation of users. Therefore, it is reasonable to conclude that the statistics and classification of the user habit can contribute to the detection of worms. On the basis of analysis about both users and worms, we construct the model of user-habit and propose a new approach for the early warning of worms. This paper possesses strong direction significance due to its broad applicability since extended models can be derived from the model proposed in this paper.


Virtual Machine Early Warning Anomaly Detection Access Information User Access 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Moore, D., Shannon, C., Claffy, K.: Code Red: A case study on the spread and victims of an Internet worm. In: Proceedings of the 2nd ACM SIGCOMM Workshop on Internet Measurement, pp. 273–284 (2002)Google Scholar
  2. 2.
    Moore, D., Paxson, V., Savage, S., Shannon, C., Staniford, S., Weaver, N.: Inside the slammer worm. IEEE Magazine of Security and Privacy 1(4), 33–39 (2003)CrossRefGoogle Scholar
  3. 3.
    Berk, V.H., Gray, R.S., Bakos, G.: Using sensor networks and data fusion for early detection of active worms. In: Proceedings of the SPIE AeroSense, pp. 92–104 (2003)Google Scholar
  4. 4.
    Zou, C.C., Gao, L., Gong, W., Towsley, D.: Monitoring and Early Warning for Internet Worms. In: Proceedings of the 10th ACM Conference on Computer and Communication Security, pp. 190–199 (2003)Google Scholar
  5. 5.
    Kuwatly, I., Sraj, M., Al Masri, Z., Artail, H.: A Dynamic Honeypot Design for Intrusion Detection. In: IEEE/ACS International Conference on Pervasive Services, pp. 95–104 (2004)Google Scholar
  6. 6.
    Wen, W.P., Qing, S.H., Jiang, J.C., Wang, Y.J.: Research and Development of Internet Worm. Journal of Software 15(8), 1208–1219 (2004)zbMATHGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Ping Wang
    • 1
  • Binxing Fang
    • 1
  • Xiaochun Yun
    • 1
  1. 1.Dept. of Computer Science and TechnologyHarbin Institute of TechnologyHarbinChina

Personalised recommendations