Java based Simulator to Detect Zero-Day Silent Worms using ACTM

3 Author(s)
Bhatia, A. ; Comput. Dept., Vishwakarma Inst. of Technol., Pune ; Dhabe, P.S. ; Pukale, S.G.

There are different types of computer worms, such as email worms, IRC worms and network worms. Silent worms are network worms that have a hit-list of vulnerable hosts and limit the number of infection activities of each copy to suppress the anomalous network activity of each infected host. Various techniques use the aggressive nature of network worms as a clue to detect them, but these techniques are not effective against silent worms. Hence, the anomaly connection tree method (ACTM) is used to detect silent worms. ACTM uses worm propagation behaviour, expressed as tree-like structures composed of infection connections as edges, to detect silent worms. Then, by detecting connections composed of anomaly connections, ACTM detects the worms before 10% of the hosts are infected. ACTM is compared with other methods, such as the AC counting method, to show that the tree structure helps detect the worm faster than considering the anomaly connections alone. The simulator explained in this paper has been designed and implemented using Java.

Published in:

Advance Computing Conference, 2009. IACC 2009. IEEE International

Date of Conference:

6-7 March 2009