
Detection and location algorithm against local-worm

Science in China Series F: Information Sciences

Abstract

The spread of worms causes great harm to computer networks and has recently become a focus of network security research. This paper presents a local-worm detection algorithm based on an analysis of the characteristics of the traffic generated by TCP-based worms. Moreover, we adjust the worm location algorithm to account for the differences between high-speed and low-speed worm scanning methods, so that it can detect and locate worms that scan at different rates. Finally, we verify the validity and efficiency of the proposed algorithm by simulating it under NS-2.



Author information


Correspondence to XinYu Yang.

Additional information

Supported in part by the National Natural Science Foundation of China (Grant No. 60403028)


About this article

Cite this article

Yang, X., Shi, Y. & Zhu, H. Detection and location algorithm against local-worm. Sci. China Ser. F-Inf. Sci. 51, 1935–1946 (2008). https://doi.org/10.1007/s11432-008-0132-z


  • DOI: https://doi.org/10.1007/s11432-008-0132-z
