Part of the book series: Lecture Notes in Computer Science (LNCCN, volume 3961)

Abstract

Since the appearance of the CodeRed and SQL Slammer worms, we have learned that early detection of worm epidemics is important for reducing the damage caused by an outbreak. One prominent characteristic of Internet worms is that they choose their next targets randomly, using a random generator. In this paper, we propose a new worm detection mechanism that checks the random distribution of destination addresses. Our mechanism generates a traffic matrix and checks its rank to detect the spreading of Internet worms. Based on the fact that a random binary matrix has a high rank, ADUR (Anomaly Detection Using Randomness check) is proposed for detecting unknown worms from the rank of the traffic matrix. Through experiments in various environments, we show that the ADUR mechanism effectively detects the spread of new worms at an early stage, even when there is only one host infected in a monitoring network.
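The rank check described in the abstract can be sketched as follows. This is an added example, not the authors' code: the abstract does not say how the traffic matrix is built, so the 32 x 32 size, the address-to-cell mapping, the XOR toggling of cells and the alarm threshold are all assumptions, and the traffic samples are constructed.

```python
import ipaddress
import random

N = 32          # matrix is N x N (assumed size; the abstract gives none)
THRESHOLD = 28  # assumed alarm threshold on the rank

def traffic_matrix(dst_addrs, n=N):
    """Fold destination IPv4 addresses (as ints) into an n x n binary matrix.
    Assumed mapping: row from bits 16.., column from the low bits; each
    packet toggles its cell, so uniformly random targets give ~50% density."""
    rows = [0] * n
    for a in dst_addrs:
        rows[(a >> 16) % n] ^= 1 << (a % n)
    return rows

def gf2_rank(rows):
    """Rank over GF(2) of a matrix whose rows are integer bitmasks."""
    basis = []
    for r in rows:
        for b in basis:
            r = min(r, r ^ b)  # clears b's leading bit from r if it is set
        if r:
            basis.append(r)
    return len(basis)

def looks_like_random_scan(dst_addrs):
    return gf2_rank(traffic_matrix(dst_addrs)) >= THRESHOLD

def constructed_samples(seed=7, packets=4000):
    """Constructed traffic: uniform random targets vs. a few fixed servers."""
    rng = random.Random(seed)
    scan = [rng.getrandbits(32) for _ in range(packets)]
    servers = [int(ipaddress.IPv4Address(s)) for s in
               ("192.0.2.10", "192.0.2.25", "198.51.100.7",
                "198.51.100.53", "203.0.113.80", "203.0.113.99")]
    benign = [rng.choice(servers) for _ in range(packets)]
    return scan, benign

if __name__ == "__main__":
    scan, benign = constructed_samples()
    for name, dsts in (("random scan", scan), ("benign", benign)):
        print(name, gf2_rank(traffic_matrix(dsts)), looks_like_random_scan(dsts))
```

With this toggling construction the benign sample can never exceed rank 6 (one cell per server), while the randomly targeted sample sits near full rank, and mixing the two samples leaves the rank high.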

This work was supported in part by the ITRC program of the Korea Ministry of Information & Communications under the grant IITA-2005-(C1090-0502-0020) and the BK21 program of the Korea Ministry of Education.

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Park, H., Lee, H. (2006). Detecting Unknown Worms Using Randomness Check. In: Chong, I., Kawahara, K. (eds) Information Networking. Advances in Data Communications and Wireless Networks. ICOIN 2006. Lecture Notes in Computer Science, vol 3961. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11919568_77

  • DOI: https://doi.org/10.1007/11919568_77

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-48563-6

  • Online ISBN: 978-3-540-48564-3

  • eBook Packages: Computer Science, Computer Science (R0)
