Active worms pose major security threats to the Internet. This is due to the ability of active worms to propagate in an automated fashion as they continuously compromise computers on the Internet. Active worms evolve during their propagation and thus pose great challenges to defending against them. In this paper, we investigate a new class of active worms, referred to as the Camouflaging Worm (C-Worm for short). The C-Worm differs from traditional worms in its ability to intelligently manipulate its scan traffic volume over time. The C-Worm thereby camouflages its propagation from existing worm detection systems that are based on analyzing the propagation traffic generated by worms. We analyze the characteristics of the C-Worm and conduct a comprehensive comparison between its traffic and non-worm traffic (background traffic). We observe that these two types of traffic are barely distinguishable in the time domain. However, their distinction is clear in the frequency domain, owing to the recurring manipulative nature of the C-Worm. Motivated by our observations, we design a novel spectrum-based scheme to detect the C-Worm. Our scheme uses the Power Spectral Density (PSD) distribution of the scan traffic volume and its corresponding Spectral Flatness Measure (SFM) to distinguish C-Worm traffic from background traffic. Using a comprehensive set of detection metrics and real-world traces as background traffic, we conduct extensive performance evaluations of our proposed spectrum-based detection scheme. The performance data clearly demonstrates that our scheme can effectively detect C-Worm propagation. Furthermore, we show the generality of our spectrum-based scheme in effectively detecting not only the C-Worm, but traditional worms as well.
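The frequency-domain distinction described in the abstract can be illustrated with a short added example (not code from the paper). It assumes a plain periodogram as the PSD estimate and the usual definition of SFM as the ratio of the geometric mean to the arithmetic mean of the PSD; the traffic series, the helper names and the 0.3 threshold are constructed for illustration.

```python
import cmath
import math
import random

def periodogram(series):
    """PSD estimate: squared DFT magnitude of the mean-removed series,
    positive-frequency bins only."""
    n = len(series)
    mean = sum(series) / n
    centered = [x - mean for x in series]
    psd = []
    for k in range(1, n // 2 + 1):
        coeff = sum(c * cmath.exp(-2j * math.pi * k * t / n)
                    for t, c in enumerate(centered))
        psd.append(abs(coeff) ** 2 / n)
    return psd

def spectral_flatness(psd, eps=1e-12):
    """SFM = geometric mean / arithmetic mean of the PSD.
    Near 1: flat, noise-like spectrum. Near 0: power concentrated in few bins."""
    log_mean = sum(math.log(p + eps) for p in psd) / len(psd)
    return math.exp(log_mean) / (sum(psd) / len(psd) + eps)

def make_series(n=256, period=None, seed=7):
    """Constructed scan counts per interval: Gaussian noise around a baseline,
    optionally with a recurring swing standing in for manipulated scan volume."""
    rng = random.Random(seed)
    series = []
    for t in range(n):
        value = 100 + rng.gauss(0, 10)
        if period:
            value += 40 * math.sin(2 * math.pi * t / period)
        series.append(max(value, 0.0))
    return series

SFM_THRESHOLD = 0.3  # assumed cut-off for this sample data, not from the paper

def looks_periodic(series, threshold=SFM_THRESHOLD):
    """Flag a series whose spectrum is far from flat."""
    return spectral_flatness(periodogram(series)) < threshold

if __name__ == "__main__":
    for name, s in (("background", make_series()),
                    ("recurring", make_series(period=32))):
        print(name, round(spectral_flatness(periodogram(s)), 3), looks_periodic(s))
```

In practice the threshold would be calibrated against real background traces, which the abstract says the authors used for their evaluation.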