Abstract

A worm is a self-propagating, self-duplicating malicious code that spread without human intervention in computer networks and attacks vulnerable hosts. The severity of network worms depends on the propagation process that degrades the network performance and consume bandwidth and resource (CPU and memory). Thus, this paper presents a behavioral approach for UDP worm (worm uses UDP as transmission mechanism) detection based on scanning and Destination Source Correlation (DSC) behaviors of worm. The proposed approach consists of two sub approaches which are: 1. Statistical Cross-relation Approach for Network Scanning detection (SCANS) approach that is used to detect the presence of network scanning behavior of worm and 2. Worm correlation approach that is used to detect Destination-Source Correlation (DSC) behavior of worm. These behaviors have been chosen among other worm behaviors due to its anomaly behaviors that are clearly exhibit in the network. A salient feature of this approach is that it effective for detecting scanning DSC behaviors of worm with high accuracy. The proposed approach is evaluated with the simulated dataset obtained from Georgia Tech Network Simulator (GTNetS) simulator and confirmed that our approach is efficient in detecting UDP worm than the existing approach.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.