We are currently experiencing intermittent issues impacting performance. We apologize for the inconvenience.
By Topic

DAWN: A Novel Strategy for Detecting ASCII Worms in Networks

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

3 Author(s)
Manna, P.K. ; Univ. of Florida, Gainesville ; Ranka, S. ; Shigang Chen

While a considerable amount of research has been done for detecting the binary worms exploiting the vulnerability of buffer overflow, very little effort has been spent in detecting worms that consist of only text, Le., printable ASCII characters. We show that the existing worm detectors often either do not examine the ASCII stream or are not well suited to efficiently detect worms in the ASCII stream due to the structural properties of the ASCII payload. In this paper, we analyze the potentials and constraints of the ASCII worms vis-a-vis their binary counterpart, and devise a detection technique that would exploit those limitations. We introduce DAWN, a novel ASCII worm detection strategy that is fast, easily deployable, and has very little overhead. Unlike many signature-based detection methods, DAWN is completely signature-free and therefore capable of detecting zero-day outbreak of ASCII worms.

Published in:

INFOCOM 2008. The 27th Conference on Computer Communications. IEEE

Date of Conference:

13-18 April 2008