Full project of modeling and detection of camouflaging worm in PPT
Modeling and detection of camouflage worm
Active worms pose major threats to Internet security. This is due to their ability to propagate in an automated way as they continually compromise computers on the Internet. Active worms evolve during their propagation and therefore pose great challenges to defending against them. In this article, we investigate a new class of active worms, known as the Camouflage Worm (C-Worm for short). The C-Worm is different from traditional worms because of its ability to intelligently manipulate its volume of scanning traffic over time. Therefore, the C-Worm camouflages its propagation from existing worm detection systems that are based on analyzing the propagation traffic generated by worms. We analyze the characteristics of the C-Worm and make a complete comparison between its traffic and non-worm traffic (background traffic). We observe that these two types of traffic are hardly distinguishable in the time domain.
However, their distinction is clear in the frequency domain, due to the recurring manipulative nature of the C-Worm. Motivated by our observations, we designed a new spectrum-based scheme to detect the C-Worm. Our scheme uses the power spectral density (PSD) distribution of the scanning traffic volume and its corresponding spectral flatness measure (SFM) to distinguish C-Worm traffic from background traffic. Using a full set of detection metrics and real-world traces as background traffic, we performed extensive performance evaluations of our proposed spectrum-based detection scheme. The performance data clearly demonstrate that our scheme can effectively detect the spread of the C-Worm. In addition, we show the generality of our spectrum-based scheme in effectively detecting not only the C-Worm, but also traditional worms.
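The spectrum-based check described above can be sketched as follows. This is an added example, not code from the paper or from the original post. It assumes a plain periodogram as the PSD estimate, the usual SFM definition (geometric mean over arithmetic mean of the PSD bins), a threshold of 0.3, and constructed traffic series; all function names are hypothetical.

```python
import cmath
import math
import random

def periodogram(series):
    """PSD estimate: |DFT|^2 / n of the mean-removed series, bins 1..n/2."""
    n = len(series)
    mean = sum(series) / n
    centered = [v - mean for v in series]
    psd = []
    for k in range(1, n // 2 + 1):
        coeff = sum(c * cmath.exp(-2j * math.pi * k * t / n)
                    for t, c in enumerate(centered))
        psd.append(abs(coeff) ** 2 / n)
    return psd

def spectral_flatness(psd, eps=1e-12):
    """SFM = geometric mean / arithmetic mean of the PSD bins (0..1)."""
    log_mean = sum(math.log(p + eps) for p in psd) / len(psd)
    return math.exp(log_mean) / (sum(psd) / len(psd) + eps)

def looks_like_cworm(series, threshold=0.3):
    """Flag a window whose spectrum is concentrated (low SFM).
    threshold is an assumed value; calibrate it on real background traces."""
    sfm = spectral_flatness(periodogram(series))
    return sfm, sfm < threshold

def constructed_background(n=256, seed=7):
    """Constructed sample: noisy scan counts per interval, no recurring pattern."""
    rng = random.Random(seed)
    return [100 + rng.gauss(0, 5) for _ in range(n)]

def constructed_cworm(n=256, seed=7, period=32):
    """Constructed sample: same background plus scan volume that rises and
    falls every `period` intervals (the recurring manipulation)."""
    base = constructed_background(n, seed)
    return [b + 20 * (1 + math.sin(2 * math.pi * t / period))
            for t, b in enumerate(base)]

if __name__ == "__main__":
    for name, data in (("background", constructed_background()),
                       ("c-worm", constructed_cworm())):
        sfm, flagged = looks_like_cworm(data)
        print(f"{name:10s} SFM={sfm:.3f} flagged={flagged}")
```

The recurring component piles its power into one frequency bin, which pulls the geometric mean far below the arithmetic mean and drives the SFM toward zero, while the noise-like background keeps a comparatively flat spectrum.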