
Abstract

Internet worms pose a major security threat to the Internet because of their ability to propagate in an automated fashion as they progressively compromise computers. Internet worms evolve during their propagation and are therefore very challenging to defend against. In this paper, we examine a new class of active worms, referred to as the Non-overlapping Camouflaging Worm (Non-overlapping C-Worm, or NOC worm). The Non-overlapping C-Worm differs from traditional worms in its ability to intelligently manipulate its scan traffic volume over time. It thereby camouflages its propagation from existing worm detection systems, which rely on analyzing the propagation traffic generated by worms. We analyze the characteristics of the Non-overlapping C-Worm and conduct a comprehensive comparison between its traffic and non-worm traffic (background traffic). We observe that these two types of traffic are barely distinguishable in the time domain. However, their distinction is clear in the frequency domain, due to the recurring manipulative nature of the NOC worm. Motivated by our observations, we design a detection method that uses a two-step procedure, combining a first-stage change-point detection with a second-stage growth-rate inference to confirm the existence of a worm. This scheme is better than the NOC-worm

Keywords: Worms, Propagation speed, Camouflage, Non-overlapping scanning.
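The two-step procedure named in the abstract (change-point detection, then growth-rate inference) can be sketched as follows. This is an added example, not the authors' algorithm: the CUSUM detector, the log-linear fit, every threshold and the scan-count series are assumptions constructed for illustration, and the "worm" series is a plain exponential-growth trace.

```python
import math

NOISE = [0, 2, -1, 1, -2, 3, -3, 1, 0, -1]  # constructed, repeating jitter

def make_series(kind, n=70, onset=40):
    """Constructed per-interval scan counts: 'clean', 'step' (benign level shift) or 'worm'."""
    out = []
    for t in range(n):
        extra = 0.0
        if t >= onset and kind == "step":
            extra = 30.0
        elif t >= onset and kind == "worm":
            extra = 2.0 * math.exp(0.15 * (t - onset))
        out.append(100.0 + NOISE[t % len(NOISE)] + extra)
    return out

def baseline_stats(counts, n_base):
    """Mean and sample standard deviation of the first n_base intervals."""
    base = counts[:n_base]
    mu = sum(base) / n_base
    sd = math.sqrt(sum((x - mu) ** 2 for x in base) / (n_base - 1)) or 1.0
    return mu, sd

def change_point(counts, n_base=20, k=0.5, h=5.0):
    """Stage 1: one-sided CUSUM on standardized counts; index of first alarm or None."""
    mu, sd = baseline_stats(counts, n_base)
    s = 0.0
    for i in range(n_base, len(counts)):
        s = max(0.0, s + (counts[i] - mu) / sd - k)
        if s > h:
            return i
    return None

def growth_rate(counts, start, mu, window=15):
    """Stage 2: least-squares slope of ln(excess over baseline) after the alarm."""
    pts = [(i, math.log(c - mu)) for i, c in
           enumerate(counts[start:start + window]) if c > mu]
    if len(pts) < 3:
        return 0.0
    mx = sum(x for x, _ in pts) / len(pts)
    my = sum(y for _, y in pts) / len(pts)
    sxx = sum((x - mx) ** 2 for x, _ in pts)
    return sum((x - mx) * (y - my) for x, y in pts) / sxx

def detect(counts, n_base=20, min_rate=0.05):
    """Return (alarm_index, growth_rate, worm_confirmed)."""
    cp = change_point(counts, n_base)
    if cp is None:
        return None, None, False
    rate = growth_rate(counts, cp, baseline_stats(counts, n_base)[0])
    return cp, rate, rate >= min_rate
```

The benign level shift trips the first stage but is rejected by the second, because its excess traffic does not grow; only the growing series is confirmed.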


Author Biographies

Khushboo Joshi, Shri Ram Institute of Technology, Jabalpur

M.E., System Software

Hemant Dhamecha, SRIT, Jabalpur

Assistant Professor, Computer Science Department

How to Cite
Joshi, K., & Dhamecha, H. (2014). Detection of Non-overlapping C-Worms: A Survey. International Journal of Emerging Trends in Science and Technology, 1(04). Retrieved from http://igmpublication.org/ijetst.in/index.php/ijetst/article/view/135
