Abstract | ||
---|---|---|
A computer worm is a self-replicating malicious code that does not alter files but resides in active memory where it duplicates itself. Worms use parts of the operating system that are automatic and usually invisible to the user. Worms commonly exhibit abnormal behaviors, which become noticeable only when their uncontrolled replication consumes system resources and consequently decelerates or halts other tasks completely. This paper proposes an effective approach for detecting the presence of TCP network worms. This approach consists of two phases: Statistical Cross-relation for Network Scanning (SCANS) phase and the Worm Correlation phase. The SCANS phase is used to detect the presence of the network scanning behavior of a network worm, while the worm correlation phase is used to detect the Destination Source Correlation (DSC) behavior of the network worm. The proposed approach has been tested with a simulated dataset obtained from the GTNetS simulator. The numerical results showed that the proposed approach is efficient and outperforms the well-known DSC approach in terms of detecting the presence of TCP network worm. |
Year | DOI | Venue |
---|---|---|
2017 | 10.1007/s00521-016-2358-9 | Neural Computing and Applications |
Keywords | Field | DocType |
Destination Source Correlation (DSC), Intrusion Detection System (IDS), Network scanning, Malicious codes, TCP worm | Simulation,Computer worm,Real-time computing,Artificial intelligence,Machine learning,Mathematics | Journal |
Volume | Issue | ISSN |
28 | S-1 | 1433-3058 |
Citations | PageRank | References |
0 | 0.34 | 14 |
Authors | ||
5 |
Name | Order | Citations | PageRank |
---|---|---|---|
Mohammed Anbar | 1 | 16 | 9.05 |
Rosni Abdullah | 2 | 156 | 24.82 |
Alhamza Munther | 3 | 3 | 0.73 |
Mohammed Azmi Al-Betar | 4 | 620 | 43.69 |
Redhwan M. A. Saad | 5 | 0 | 1.01 |