A smart IDS and response system for the internet malicious worm

Published: 01 November 2005

Abstract

In this paper, we propose a behaviour-based intrusion detection and response system for internet worms. LAWS (Lambent Anti-Worm System) can automatically detect the intruded services and the influenced range, and it can also analyse the key information of the intrusion. A worm can attack a large number of computers via a network in a very short period, especially by distributing damage through network services. Those worms always enter or attack computers by a backdoor or under-channel. There is no effective solution to prevent the damage caused by worms. Using the information from LAWS, we can stop a worm's distribution and intrusion in advance. In addition to detecting and preventing the distribution of well-known malicious worms, LAWS can also defend against future unknown or new malicious worms. Mobile agents will help LAWS form a cooperated defence system (CDS) for other LAWS users over the internet. The contribution of our system is to decrease the response time to an attack and reduce the damaged range. At the same time, it also diminishes the damage and decreases the fixed cost.


    Published In

    International Journal of Wireless and Mobile Computing  Volume 1, Issue 1
    November 2005
    80 pages
    ISSN:1741-1084
    EISSN:1741-1092

    Publisher

    Inderscience Publishers

    Geneva 15, Switzerland

    Author Tags

    1. CDS
    2. IDS
    3. LAWS
    4. cooperated defence system
    5. internet
    6. intrusion detection system
    7. lambent anti-worm system
    8. malicious worm
    9. mobile agent

    Qualifiers

    • Article
