ACTM: Anomaly Connection Tree Method to detect Silent Worms

A
AINA
2006
20th International Conference on Advanced Information Networking and Applications - Volume 1 (AINA'06)
Abstract - ACTM: Anomaly Connection Tree Method to detect Silent Worms

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Nobutaka Kawaguchi Articles by Yusuke Azuma Articles by Shintaro Ueda Articles by Hiroshi Shigeno Articles by Ken-ichi Okada

20th International Conference on Advanced Information Networking and Applications - Volume 1 (AINA'06)

Vienna, Austria

April 18-April 20

ISBN: 0-7695-2466-4

	ASCII Text	x
	Nobutaka Kawaguchi, Yusuke Azuma, Shintaro Ueda, Hiroshi Shigeno, Ken-ichi Okada, "ACTM: Anomaly Connection Tree Method to detect Silent Worms," Advanced Information Networking and Applications, International Conference on, vol. 1, pp. 901-908, 20th International Conference on Advanced Information Networking and Applications - Volume 1 (AINA'06), 2006.

	BibTex	x
	@article{ 10.1109/AINA.2006.70, author = {Nobutaka Kawaguchi and Yusuke Azuma and Shintaro Ueda and Hiroshi Shigeno and Ken-ichi Okada}, title = {ACTM: Anomaly Connection Tree Method to detect Silent Worms}, journal ={Advanced Information Networking and Applications, International Conference on}, volume = {1}, year = {2006}, issn = {1550-445X}, pages = {901-908}, doi = {http://doi.ieeecomputersociety.org/10.1109/AINA.2006.70}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Advanced Information Networking and Applications, International Conference on TI - ACTM: Anomaly Connection Tree Method to detect Silent Worms SN - 1550-445X SP901 EP908 A1 - Nobutaka Kawaguchi, A1 - Yusuke Azuma, A1 - Shintaro Ueda, A1 - Hiroshi Shigeno, A1 - Ken-ichi Okada, PY - 2006 KW - null VL - 1 JA - Advanced Information Networking and Applications, International Conference on ER -

Nobutaka Kawaguchi, Keio University, Kanagawa, Japan

Yusuke Azuma, Keio University, Kanagawa, Japan

Shintaro Ueda, Keio University, Kanagawa, Japan

Hiroshi Shigeno, Keio University, Kanagawa, Japan

Ken-ichi Okada, Keio University, Kanagawa, Japan

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/AINA.2006.70

In this paper we propose a novel worm detection method that can detect silent worms in intranet. Most existing detection methods use aggressive activities of worms as a clue for detection and are ineffective against worms that propagate silently using a list of vulnerable hosts.

To detect such worms, we propose Anomaly Connection Tree Method (ACTM). ACTM uses two features present to most worms. First is that the worms?s propagation behaviour is expressed as tree-like structures. Second is that the worm?s selection of infection targets does not consider which hosts its infected host communicates to frequently. Then, by constructing trees that are composed of anomaly connections, ACTM detects the existence of such worms. Through the simulation results, we have shown that ACTM can detect the worms in an early stage.

Citation:

Nobutaka Kawaguchi, Yusuke Azuma, Shintaro Ueda, Hiroshi Shigeno, Ken-ichi Okada, "ACTM: Anomaly Connection Tree Method to detect Silent Worms," aina, vol. 1, pp.901-908, 20th International Conference on Advanced Information Networking and Applications - Volume 1 (AINA'06), 2006

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.