Abstract
Detection and containment of unknown malware are challenging tasks. In this research we propose a distributed framework for the detection and containment of new worm-related malware. The framework consists of distributed agents installed on several client computers and a Centralized Decision Maker module (CDM) that interacts with the agents. The detection process is performed in two phases. In the first phase, agents detect potential malware on their local machines and send their detection results to the CDM. In the second phase, the CDM builds a propagation graph for every potential malware. These propagation graphs are compared with known malware propagation characteristics in order to determine whether the potential malware is indeed malware. All agents are then notified of the final decision so that they can start the containment process. The framework was evaluated and the results are promising.
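As an added illustration of the two-phase scheme (example code, not the paper's own): local agents send reports to a CDM, which builds one propagation graph per suspected sample and flags samples whose graph shows host-to-host spread. The report schema, the host names and the comparison heuristic are assumptions, since the abstract does not state which propagation characteristics are used.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class AgentReport:
    """Phase 1 result sent by a local agent to the CDM (assumed schema)."""
    host: str    # machine whose agent raised the alert
    sample: str  # identifier of the suspected binary, e.g. a file hash
    origin: str  # host the sample arrived from, as seen by the local agent
    t: int       # detection time in seconds

def build_propagation_graphs(reports):
    """Phase 2: one directed graph per suspected sample, edges origin -> host,
    ordered by detection time."""
    graphs = defaultdict(list)
    for r in sorted(reports, key=lambda r: r.t):
        graphs[r.sample].append((r.origin, r.host, r.t))
    return graphs

def worm_like(edges, min_hosts=4, min_fanout=2):
    """Assumed comparison criterion (not the paper's): the sample touched at
    least min_hosts machines AND some host that itself received the sample
    forwarded it to at least min_fanout others, i.e. it self-propagates.
    A popular download served from one file server fails the second test."""
    receivers = {host for _, host, _ in edges}
    fanout = defaultdict(set)
    for origin, host, _ in edges:
        fanout[origin].add(host)
    hosts = receivers | set(fanout)
    forwarders = [o for o, d in fanout.items() if o in receivers and len(d) >= min_fanout]
    return len(hosts) >= min_hosts and bool(forwarders)

def decide(reports):
    """CDM verdict per sample; True means notify all agents to start containment."""
    return {s: worm_like(e) for s, e in build_propagation_graphs(reports).items()}

# Constructed sample reports: w1 spreads host-to-host, d1 is pulled by four
# clients from a single file server S and never forwarded.
REPORTS = [
    AgentReport("B", "w1", "A", 10), AgentReport("C", "w1", "A", 12),
    AgentReport("D", "w1", "B", 15), AgentReport("E", "w1", "B", 16),
    AgentReport("F", "w1", "C", 18),
    AgentReport("B", "d1", "S", 20), AgentReport("C", "d1", "S", 21),
    AgentReport("D", "d1", "S", 22), AgentReport("E", "d1", "S", 23),
]

if __name__ == "__main__":
    print(decide(REPORTS))  # {'w1': True, 'd1': False}
```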
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
Cite this paper
Rozenberg, B., Gudes, E., Elovici, Y. (2008). A Distributed Framework for the Detection of New Worm-Related Malware. In: Ortiz-Arroyo, D., Larsen, H.L., Zeng, D.D., Hicks, D., Wagner, G. (eds) Intelligence and Security Informatics. EuroIsI 2008. Lecture Notes in Computer Science, vol 5376. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-89900-6_19
DOI: https://doi.org/10.1007/978-3-540-89900-6_19
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-89899-3
Online ISBN: 978-3-540-89900-6
eBook Packages: Computer Science (R0)