International Journal of Scientific and Engineering Research
ISSN Online 2229-5518
ISSN Print: 2229-5518
Website: http://www.ijser.org
IJSER, Volume 3, Issue 3, March 2012
Netflow method used for internet worm detection
pp. 303-309
Ms. Vidya Mhaske-Dhamdhere, Prof. G.A. Patil
Internet worms, anomaly detection, network intrusion detection, netflow
Easy access to the Internet and the demand for it have made it popular for research and information sharing. The same openness means that malicious code is also easily exchanged. A worm (malicious code) can disrupt a network and its normal operation. Internet worms cause significant worldwide disruption: a huge number of infected hosts generate traffic that degrades the performance of the Internet. Researchers are therefore concentrating on finding effective detection systems that detect the presence of worms and reduce their spread. This paper presents a classified study of the most important and commonly used methods for detecting Internet worms using Netflow, which can help network managers monitor suspected Internet worm activity by analyzing the source data from the router.