Computer worms are self-duplicating, self-propagating malicious code that spreads without any human interaction and launches the most destructive attacks against computer networks. Active worms are one type of worm that poses a greater security threat to the Internet because of their ability to propagate in an automated fashion.
Active worms evolve during their propagation and so pose a great challenge to defenders. This article presents a survey and comparison of Internet worm detection and containment schemes, and the modeling of the c-worm. The c-worm camouflages its propagation from existing worm detection systems. To identify and analyze these c-worms, we design a novel spectrum-based detection scheme. The scheme uses a centralized data center, a monitor, and a user as its main actors.
We first analyze the characteristics of worms through their behavior and classify worm detection algorithms based on the parameters used in each algorithm. The novel spectrum-based detection scheme uses the power spectral density (PSD) distribution of the scan traffic volume and its corresponding spectral flatness measure (SFM) to distinguish c-worm traffic from background traffic. Using a comprehensive set of detection metrics and real-world traces as background traffic, we conduct extensive performance evaluations of the proposed scheme. The performance data clearly demonstrate that the scheme can effectively detect c-worm propagation. It can detect not only the c-worm but traditional worms as well.
Authors: Chavan M.K, Madane P.V
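
The PSD/SFM measurement named in the abstract can be sketched as follows. This is an added example, not the authors' code: it uses a plain periodogram as the PSD estimate and the standard definition of spectral flatness (geometric mean over arithmetic mean of the PSD). The function names, the 0.2 threshold, the choice to flag low flatness, and both sample series are assumptions constructed for illustration.

```python
import cmath
import math
import random

def periodogram(series):
    """PSD estimate of a mean-removed series; DC and Nyquist bins are skipped."""
    n = len(series)
    mean = sum(series) / n
    x = [v - mean for v in series]
    psd = []
    for k in range(1, n // 2):
        s = sum(x[t] * cmath.exp(-2j * math.pi * k * t / n) for t in range(n))
        psd.append(abs(s) ** 2 / n)
    return psd

def spectral_flatness(psd, eps=1e-12):
    """Geometric mean / arithmetic mean of the PSD: near 0 = peaked, near 1 = flat."""
    p = [v + eps for v in psd]  # eps keeps log() defined for empty bins
    geometric = math.exp(sum(math.log(v) for v in p) / len(p))
    return geometric / (sum(p) / len(p))

def is_narrowband(series, threshold=0.2):
    """Flag a window whose scan-volume spectrum is concentrated (assumed threshold)."""
    return spectral_flatness(periodogram(series)) < threshold

# Constructed sample data: 256 per-interval scan counts, not real traces.
rng = random.Random(7)
N = 256
# Noise-like background scan volume.
background = [100 + rng.gauss(0, 10) for _ in range(N)]
# Scan volume with a slow recurring pattern (period of 32 intervals).
recurring = [100 + 40 * math.sin(2 * math.pi * t / 32) + rng.gauss(0, 2)
             for t in range(N)]

SFM_BACKGROUND = spectral_flatness(periodogram(background))
SFM_RECURRING = spectral_flatness(periodogram(recurring))

if __name__ == "__main__":
    print(f"background SFM = {SFM_BACKGROUND:.3f}, "
          f"flagged = {is_narrowband(background)}")
    print(f"recurring  SFM = {SFM_RECURRING:.3f}, "
          f"flagged = {is_narrowband(recurring)}")
```

A monitor would compute this per observation window and forward the SFM value to the data center; the threshold has to be calibrated against the site's own background traces.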