A New Approach to Early Detection of an Unknown Worm
説明
Recently, many worms such as Sassar worm or MS Blaster worm, had made serious damages to many hosts on Internet. These worms spread and damage many hosts on Internet by exploiting vulnerability of network application and/or operating system. Infection of worms that exploit the vulnerability of software can be prevented by applying proper software patches. However, it is impossible to prevent an infection of worms that exploit unknown vulnerability by only that method. In this paper, we propose a new method for detecting unknown worms by using hop number distribution of packets received by a host. We also present a system design for real time detection of unknown worms' activity by employing the proposed method.
収録刊行物
-
- 21st International Conference on Advanced Information Networking and Applications Workshops (AINAW'07)
-
21st International Conference on Advanced Information Networking and Applications Workshops (AINAW'07) 194-198, 2007-05-01
IEEE
