
Abstract

Worms constitute a major source of Internet delay. A new worm is capable of replicating itself to vulnerable systems in a very short time, infecting thousands of computers across the Internet before any human response. A new worm floods the Internet and halts most Internet-related services, which harms the Internet economy. Detecting new worms is therefore crucial and should be given the highest priority. Most research effort has been dedicated to modeling worm behavior; recently, defending against worms has been receiving more interest, but the defense against Internet worms is still an open problem. The purpose of this paper is to describe a framework for a multiagent-based system for detecting new worms, auto-generating their signatures, and distributing these signatures. This goal can be achieved through a set of distributed agents residing on computers, routers, and servers.

A new worm floods the Internet at very high speed. Human involvement in detecting a new worm and generating its signature takes a long time, which gives worms a good chance to flood the whole Internet before any reaction. An autonomous, reliable, adaptive, responsive, and proactive system is needed to detect new worms without human intervention. These features characterize agents. This paper proposes a framework for an automated multiagent-based system for worm detection and signature generation, deployed on routers, computers, and servers.

Copyright information

© 2008 Springer Science+Business Media B.V.

About this paper

Cite this paper

El-Menshawy, A., Faheem, H., Al-Arif, T., Taha, Z. (2008). Agent Based Framework for Worm Detection. In: Sobh, T. (eds) Advances in Computer and Information Sciences and Engineering. Springer, Dordrecht. https://doi.org/10.1007/978-1-4020-8741-7_15

  • DOI: https://doi.org/10.1007/978-1-4020-8741-7_15

  • Publisher Name: Springer, Dordrecht

  • Print ISBN: 978-1-4020-8740-0

  • Online ISBN: 978-1-4020-8741-7

  • eBook Packages: Computer Science, Computer Science (R0)
