By Topic

Performance comparison of four anomaly detectors in detecting self-propagating malware on endpoints

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)
Ashfaq, A.B. ; NUST Inst. of Inf. Technol., Nat. Univ. of Sci. & Technol., Rawalpindi ; Khayam, S.A.

Malware detection has emerged been an active area of research over the last few years. Numerous malware detection techniques have been proposed to combat this rapidly evolving threat. Notable of these detection techniques are rate limiting [10], [11] , the sample entropy based malware detection [8], maximum entropy estimation [9] and the TRW algorithm that employs sequential hypothesis testing [4]. Most of these techniques (except rate limiting) have been designed and tested on the network periphery (e.g., gateway router etc.) Recently, network endpoint comprising home and office computers have become the most prevalent and effective launch pads and carriers of malware infections. Moreover, endpoints represent the last (and sometimes the only effective) line of defense against the spread and detection of malware. Therefore, it is important that contemporary anomaly detectors' performances be evaluated on endpoints and under high and low-rate worm propagation attacks. This paper compares the ab2ove four anomaly detection techniques using real endpoint and worm traffic data collected on operational endpoints.

Published in:

Biometrics and Security Technologies, 2008. ISBAST 2008. International Symposium on

Date of Conference:

23-24 April 2008