Using Genetic Algorithm for Network Status Learning and Worm Virus Detection Scheme

  • Donghyun Lim
  • Jinwook Chung
  • Seongjin Ahn
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4224)


This paper tries to propose the worm virus detection system that focuses on many connection attempts, more frequently occurring in the process of scanning than their common transmission processes. And this paper tries to determine the critical value of connection attempt by using the ordinary time network traffic learning technique which applies the genetic algorithm in order to ensure accurate detection of virus, depending on the status of network. This system can reduce the damage from worm virus more quickly than the pattern-founded worm virus detection system because it applies the common characteristics of worm viruses to detect them, and the criteria for judgment can be altered in its application though the network may change.


Genetic Algorithm Intrusion Detection Fuzzy Controller Intrusion Detection System Destination Address 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. Kienzle, D.M., Elder, M.C.: Recent worms: a survey and trends. In: Proceedings of the 2003 ACM workshop on Rapid Malcode (2003)Google Scholar
  2. Hung, J.C., Lin, K.-C., Chang, A.Y., Lin, N.H., Lin, L.H.: A bahavior-based anti-worm system. In: Proceedings on AINA 2003, China (2003)Google Scholar
  3. Plummer, D.C.: An ethernet address resolution protocol. RFC 826 (1982)Google Scholar
  4. Berk, V., Bakos, G.: Designing a framework for active worm detection on global networks. In: Proceedings of the First IEEE International Workshop on Information Assurance (2003)Google Scholar
  5. Wagner, D., Dean, R.: Intrusion detection via static analysis. In: Proceedings of 2001 IEEE Symposium on Security and Privacy (2001)Google Scholar
  6. Koo, J., Ahn, S., Chung, J.: Network blocking algorithm and architecture for network resource and security management. In: Proceedings of International Scientific-Practical Conference. Problems of Operation of Information Networks (2004)Google Scholar
  7. Choi, W., Kim, H., Ahn, S., Chung, J.: A network access control system using on address spoofing and VLAN filtering. In: The 4th Asia Pacific International Symposium on Information Technology (2005)Google Scholar
  8. Kwon, K., Ahn, S., Chung, J.: Network security management using ARP spoofing. In: Proceedings of ICCSA 2004 (2004)Google Scholar
  9. Goldberg, D.E.: Genegic Algorithm in Search, Optimization, and Machine Learnig. Addison-Wesley publishing company, Inc., Reading (1989)Google Scholar
  10. Dasgupta, D., Gonzalez, F.A.: An intelligent decision support system for intrusion detection and response. In: Proceedings of International Workshop on Mathematical Methods, Models and Architecture for Computer Networks Security, May 2001, pp. 1–14 (2001)Google Scholar
  11. Crosbie, M., Spafford, G.: Applying genetic programmings of to intrusion detection. In: Proceedings of AAAI Symposium on Genetic Programming, November 1995, pp. 1–8 (1995)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Donghyun Lim
    • 1
  • Jinwook Chung
    • 1
  • Seongjin Ahn
    • 2
  1. 1.Dept. of Computer EngineeringSungkyunkwan Univ.SuwonSouth Korea
  2. 2.Dept. of Computer EducationSungkyunkwan Univ.SeoulSouth Korea

Personalised recommendations