Anti-worm Immunization of Web System Based on Normal Model and BP Neural Network

  • Tao Gong
  • Zixing Cai
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3973)


Pattern recognition and learning of unknown worms have become a bottleneck of network security since a lot of variants of old worms and new worms occurred. To overcome this bottleneck, many traditional approaches were tested but failed. In this paper, a normal model of a web system was proposed to detect all selfs and all non-selfs, especially all unknown worms. The normal model was built on the 2-dimension attributes of space and time of the system. Moreover, a BP neural network was used to design an adaptive learning mechanism of the immunized web system. The non-self learning was utilized to recognize most unknown worms through the trained BP network, which was trained with the feature data in the worm database. Besides, the innate non-self selection was designed to recognize all known worms. Experiments validated effectiveness of this approach on the BP network and the normal model.


Recognition Rate Normal Model Adaptive Learning Artificial Immune System Worm Propagation 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Paker, Y., Kindberg, T.: The Worm Program Model: an Application Centred Point of View for Distributed Architecture Design. In: Proceedings of the 3rd Workshop on ACM SIGOPS European Workshop, pp. 1–4. ACM Press, New York (1988)Google Scholar
  2. 2.
    Staniford, S., Paxson, V., Weaver, N.: How to Own the Internet in Your Spare Time. In: Boneh, D. (ed.) Proceedings of the 11th USENIX Security Symposium, USENIX, Berkeley, pp. 149–167 (2002)Google Scholar
  3. 3.
    Balthrop, J., Forrest, S., Newman, M.E.J., Williamson, M.M.: Technological Networks and the Spread of Computer Viruses. Science 304(5670), 527–529 (2004)CrossRefGoogle Scholar
  4. 4.
    Levy, E.: Worm Propagation and Generic Attacks. IEEE Security and Privacy 3(2), 63–65 (2005)CrossRefGoogle Scholar
  5. 5.
    Gray, R.S., Berk, V.H.: Rapid Detection of Worms Using ICMP-T3 Analysis. In: Carapezza, E.M. (ed.) Proceedings of SPIE, vol. 5403, pp. 89–101. SPIE Press, Bellingham (2004)CrossRefGoogle Scholar
  6. 6.
    Zou, C.C., Gong, W., Towsley, D.: Code Red Worm Propagation Modeling and Analysis. In: Atluri, V. (ed.) Proceedings of the 9th ACM Conference on Computer and Communications Security, pp. 138–147. ACM Press, New York (2002)CrossRefGoogle Scholar
  7. 7.
    Einstein, A.: Relativity: the Special and General Theory. Three Rivers Press, New York (1920)Google Scholar
  8. 8.
    Gong, T.: An Immune Agent for Web-based AI Course. International Journal on E-Learning 5(4) (2006) (to appear)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Tao Gong
    • 1
  • Zixing Cai
    • 1
  1. 1.College of Information Science and EngineeringCentral South UniversityChangshaChina

Personalised recommendations