Abstract
The scope of this research is computer worm detection. Computer worm has been defined as a process that can cause a possibly evolved copy of it to execute on a remote computer. It does not require human intervention to propagate neither does it attach itself to an existing computer file. It spreads very rapidly. Modern computer worm authors obfuscate the code to make it difficult to detect the computer worm. This research proposes to use machine learning methodology for the detection of computer worms. More specifically, ensembles are used. The research deviates from existing detection approaches by using dark space network traffic attributed to an actual worm attack to train and validate the machine learning algorithms. It is also obtained that the various ensembles perform comparatively well. Each of them is therefore a candidate for the final model. The algorithms also perform just as well as similar studies reported in the literature.
Highlights
IntroductionTrojan horse, spyware, ad-ware, computer worms among many others
Malware includes computer virus, Trojan horse, spyware, ad-ware, computer worms among many others
This research has as its scope computer worm detection in a network
Summary
Trojan horse, spyware, ad-ware, computer worms among many others. This research has as its scope computer worm detection in a network. Worms self-propagate across computer networks by exploiting security or policy flaws in widely used network services. Computer worms do not require user intervention to propagate nor do they piggyback on existing files. Their spread is very rapid [3, 4] with the ability to infect as many as 359,000 computers in under 14 hours, or even faster. Computer worms present unique challenges to security researchers motivating this study
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have