ABSTRACT:
Active worms pose major security threats to the Internet because they propagate in an automated fashion, continuously compromising computers on the Internet. Active worms evolve during their propagation and thus pose great challenges to defenders. In this paper, we analyze a new class of active worms, known as the Camouflaging Worm (C-Worm for short). The C-Worm differs from traditional worms in its ability to intelligently manipulate its scan traffic volume over time. Thereby, the C-Worm camouflages its propagation from existing worm detection systems that are based on analyzing the propagation traffic generated by worms. We investigate the characteristics of the C-Worm and conduct a comprehensive comparison between its traffic and non-worm traffic (background traffic). We observe that these two types of traffic are barely distinguishable in the time domain. However, their distinction is clear in the frequency domain, due to the recurring manipulative nature of the C-Worm. Motivated by our observations, we design a novel spectrum-based scheme to detect the C-Worm. Our scheme uses the Power Spectral Density (PSD) distribution of the scan traffic volume and its corresponding Spectral Flatness Measure (SFM) to distinguish C-Worm traffic from background traffic. Using a comprehensive set of detection metrics and real-world traces as background traffic, we conduct extensive performance evaluations of our proposed spectrum-based detection scheme. The performance data clearly demonstrate that our scheme can effectively detect C-Worm propagation. Furthermore, we show the generality of our spectrum-based scheme in effectively detecting not only the C-Worm, but traditional worms as well.
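The PSD/SFM check described in the abstract can be sketched as follows; this is an added example, not code from the paper. It assumes a plain periodogram as the PSD estimate, a sinusoid with a 32-sample period as a stand-in for recurring scan-volume manipulation, and a hypothetical threshold of 0.3; the traffic series are constructed, not real traces.

```python
import cmath
import math
import random

def psd(series):
    """Periodogram of the mean-removed series, positive frequencies only."""
    n = len(series)
    mean = sum(series) / n
    x = [v - mean for v in series]
    power = []
    for k in range(1, n // 2 + 1):
        s = sum(x[t] * cmath.exp(-2j * math.pi * k * t / n) for t in range(n))
        power.append(abs(s) ** 2 / n)
    return power

def sfm(power, eps=1e-12):
    """Spectral Flatness Measure: geometric mean / arithmetic mean of the PSD.
    Near 1 for a flat spectrum, near 0 when power sits in a narrow band."""
    geo = math.exp(sum(math.log(p + eps) for p in power) / len(power))
    return geo / (sum(power) / len(power))

def sample_traffic(n=256, seed=7):
    """Constructed per-interval scan counts seen by a monitor (not real data)."""
    rng = random.Random(seed)
    background = [100 + rng.gauss(0, 10) for _ in range(n)]
    # Assumption: the recurring manipulation is modelled as a period-32 sinusoid
    # whose amplitude is comparable to ordinary fluctuations in the time domain.
    camouflaged = [b + 30 * math.sin(2 * math.pi * t / 32)
                   for t, b in enumerate(background)]
    return background, camouflaged

def is_suspicious(series, threshold=0.3):
    """Flag a window whose PSD is concentrated (low SFM). Threshold is hypothetical."""
    return sfm(psd(series)) < threshold

if __name__ == "__main__":
    bg, cw = sample_traffic()
    for name, series in (("background", bg), ("camouflaged", cw)):
        print(f"{name:12s} SFM={sfm(psd(series)):.3f} "
              f"suspicious={is_suspicious(series)}")
```

In practice the threshold would be calibrated against the SFM distribution of the monitored network's own background traffic rather than fixed in advance.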