Behavior-Based Worm Detection and Signature Generation

Download PDF
Open Webpage

Yu Yao, Junwei Lv, Fuxiang Gao, Yanfang Zhang, Ge Yu

Published: 01 Jan 2008, Last Modified: 15 Nov 2024IMSCCS 2008EveryoneRevisionsBibTeXCC BY-SA 4.0
Abstract: High efficient and real-time characteristic of the signature-based approach guarantee the early detection of most known worms; while behavior-based approach searches for communication pattern of worms in accordance with their behavioral characteristics that are different from normal network traffic. To improve the detection rate and accuracy, two detection algorithms for diffuse type communication pattern and chain communication pattern and distributed detection architecture are proposed. Through analysis on detection result, the detection approach presented here can realize detection of both known and unknown worms with a high detection rate and accuracy.

OpenReview is a long-term project to advance science through improved peer review with legal nonprofit status. We gratefully acknowledge the support of the OpenReview Sponsors. © 2025 OpenReview