A New User-Habit Based Approach for Early Warning of Worms
In the long term usage of the network, users will form certain types of habit according to their specific characteristics, individual hobbies and given restrictions. On the burst-out of worms, the overwhelming flow caused by random scanning will temporarily alter the behavior representation of users. Therefore, it is reasonable to conclude that the statistics and classification of the user habit can contribute to the detection of worms. On the basis of analysis about both users and worms, we construct the model of user-habit and propose a new approach for the early warning of worms. This paper possesses strong direction significance due to its broad applicability since extended models can be derived from the model proposed in this paper.
KeywordsVirtual Machine Early Warning Anomaly Detection Access Information User Access
Unable to display preview. Download preview PDF.
- 1.Moore, D., Shannon, C., Claffy, K.: Code Red: A case study on the spread and victims of an Internet worm. In: Proceedings of the 2nd ACM SIGCOMM Workshop on Internet Measurement, pp. 273–284 (2002)Google Scholar
- 3.Berk, V.H., Gray, R.S., Bakos, G.: Using sensor networks and data fusion for early detection of active worms. In: Proceedings of the SPIE AeroSense, pp. 92–104 (2003)Google Scholar
- 4.Zou, C.C., Gao, L., Gong, W., Towsley, D.: Monitoring and Early Warning for Internet Worms. In: Proceedings of the 10th ACM Conference on Computer and Communication Security, pp. 190–199 (2003)Google Scholar
- 5.Kuwatly, I., Sraj, M., Al Masri, Z., Artail, H.: A Dynamic Honeypot Design for Intrusion Detection. In: IEEE/ACS International Conference on Pervasive Services, pp. 95–104 (2004)Google Scholar