Detecting Computer Worms in the Cloud

  • Sebastian Biedermann
  • Stefan Katzenbeisser
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7039)


Computer worms are very active and new sophisticated versions continuously appear. Signature-based detection methods work with a low false-positive rate, but previously knowledge about the threat is needed. Anomaly-based intrusion detection methods are able to detect new and unknown threats, but meaningful information for correct results is necessary. We propose an anomaly-based intrusion detection mechanism for the cloud which directly profits from the virtualization technologies in general. Our proposed anomaly detection system is isolated from spreading computer worm infections and it is able to detect unknown and new appearing computer worms. Using our approach, a spreading computer worm can be detected on the spreading behavior itself without accessing or directly influencing running virtual machines of the cloud.


Computer Worms Anomaly Detection Cloud Computing 


  1. 1.
    Microsoft, “Buffer overrun in rpc interface could allow code execution (823980)”Google Scholar
  2. 2.
    Felix Leder, T.W.: Know your enemy: Containing confickerGoogle Scholar
  3. 3.
    Group, C.W.: Lessons learned june 2010 (2011)Google Scholar
  4. 4.
    Nicolas Falliere, L.O.M., Chien, E.: W32.stuxnet dossier. In: Symantec Security ResponseGoogle Scholar
  5. 5.
    Payne, B.D., Lee, W.: Secure and flexible monitoring of virtual machines. In: Annual Computer Security Applications Conference, pp. 385–397 (2007)Google Scholar
  6. 6.
    Garfinkel, T., Rosenblum, M.: A virtual machine introspection based architecture for intrusion detection. In: Network and Distributed System Security Symposium (2003)Google Scholar
  7. 7.
    Roesch, M.: Snort: Lightweight intrusion detection for networks. In: USENIX Systems Administration Conference, pp. 229–238 (1999)Google Scholar
  8. 8.
    Barham, P., Dragovic, B., Fraser, K., Hand, S., Harris, T.L., Ho, A., Neugebauer, R., Pratt, I., Warfield, A.: Xen and the art of virtualization. In: Symposium on Operating Systems Principles, pp. 164–177 (2003)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Sebastian Biedermann
    • 1
  • Stefan Katzenbeisser
    • 1
  1. 1.Security Engineering Group, Department of Computer ScienceTechnische Universität DarmstadtGermany

Personalised recommendations