Worm detection using e-mail data mining

M. Aiello; D. Chiarella; G. Papaleo
2006

Abstract

We propose a new technique for detecting Internet worms. Our research rests on the observation that an indirect worm (one that spreads by e-mail) needs to propagate quickly and therefore sends a large number of e-mails in a short time, producing anomalous behaviour. Moreover, we also found stealthier worms by detecting traffic anomalies. We worked on the mail-server log of a real network, and the results obtained led us to detect indirect worms with several approaches based on different parameters (global e-mail flow, single-host e-mail flow, rejects, and sender-field analysis).
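The four indicators the abstract names (global e-mail flow, per-host e-mail flow, rejects, sender-field analysis) can each be computed from a mail-server log by counting. The block below is an added illustration written for this page, not the authors' code: the Postfix-like log format, the sample log lines, the one-minute window and every threshold are constructed assumptions, since the paper's actual log format and parameters are not given here.

```python
"""Toy e-mail worm detector over a mail-server log (added example, not the paper's code)."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log. The format (one line per delivery attempt with the
# client host, envelope sender, recipient and outcome) is an assumption.
# pc-12 behaves normally; pc-07 suddenly sends a burst of mail with many
# forged sender addresses, some of which the server rejects.
SAMPLE_LOG = """\
2006-03-01T10:00:01 client=pc-12 from=alice@example.org to=carol@other.net status=sent
2006-03-01T10:00:30 client=pc-07 from=bob@example.org to=dave@other.net status=sent
2006-03-01T10:05:00 client=pc-12 from=alice@example.org to=erin@other.net status=sent
2006-03-01T10:10:00 client=pc-07 from=bob@example.org to=x1@other.net status=sent
2006-03-01T10:10:01 client=pc-07 from=hr@example.org to=x2@other.net status=sent
2006-03-01T10:10:02 client=pc-07 from=admin@example.org to=x3@other.net status=reject
2006-03-01T10:10:03 client=pc-07 from=bob@example.org to=x4@other.net status=sent
2006-03-01T10:10:04 client=pc-07 from=news@example.org to=x5@other.net status=reject
2006-03-01T10:10:05 client=pc-07 from=info@example.org to=x6@other.net status=sent
2006-03-01T10:10:06 client=pc-07 from=bob@example.org to=x7@other.net status=reject
2006-03-01T10:10:07 client=pc-07 from=sales@example.org to=x8@other.net status=sent
2006-03-01T10:10:08 client=pc-07 from=admin@example.org to=x9@other.net status=reject
2006-03-01T10:10:09 client=pc-07 from=bob@example.org to=x10@other.net status=sent
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<client>\S+) from=(?P<sender>\S+) "
    r"to=\S+ status=(?P<status>sent|reject)$"
)
EPOCH = datetime(1970, 1, 1)


def parse_log(text):
    """Parse log lines into dicts; lines not matching the assumed format are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.fromisoformat(rec["ts"])
        records.append(rec)
    return records


def window_of(ts, window):
    """Map a timestamp to the start of its fixed-size window, as an ISO string."""
    secs = int((ts - EPOCH).total_seconds())
    return (EPOCH + timedelta(seconds=secs - secs % window)).isoformat(timespec="seconds")


def global_flow(records, window=60):
    """Indicator 1: total messages per window (global e-mail flow)."""
    return Counter(window_of(r["ts"], window) for r in records)


def host_flow(records, window=60):
    """Indicator 2: messages per (window, client host) (single-host e-mail flow)."""
    return Counter((window_of(r["ts"], window), r["client"]) for r in records)


def reject_ratio(records):
    """Indicator 3: fraction of each host's messages the server rejected."""
    total, rejected = Counter(), Counter()
    for r in records:
        total[r["client"]] += 1
        if r["status"] == "reject":
            rejected[r["client"]] += 1
    return {h: rejected[h] / total[h] for h in total}


def sender_diversity(records):
    """Indicator 4: distinct envelope senders per host (sender-field analysis).
    A workstation that suddenly mails under many different addresses is a
    classic sign of a mass-mailer forging its From field."""
    senders = defaultdict(set)
    for r in records:
        senders[r["client"]].add(r["sender"])
    return {h: len(s) for h, s in senders.items()}


def detect(records, window=60, global_max=5, host_max=5, reject_max=0.25, senders_max=3):
    """Apply fixed thresholds (assumed values) to each indicator and return alerts."""
    alerts = []
    for w, n in sorted(global_flow(records, window).items()):
        if n > global_max:
            alerts.append(("global_flow", w, n))
    for (w, h), n in sorted(host_flow(records, window).items()):
        if n > host_max:
            alerts.append(("host_flow", f"{h}@{w}", n))
    for h, ratio in sorted(reject_ratio(records).items()):
        if ratio > reject_max:
            alerts.append(("reject_ratio", h, round(ratio, 2)))
    for h, n in sorted(sender_diversity(records).items()):
        if n > senders_max:
            alerts.append(("sender_diversity", h, n))
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_log(SAMPLE_LOG)):
        print(alert)
```

On the constructed log every indicator fires on pc-07 only. In practice the thresholds have to be derived from the network's own baseline rather than fixed as above: a legitimate mailing-list or bulk-mail host will exceed a per-host flow threshold every day, which is why combining several indicators (a burst, rejects, and sender diversity together) gives a far better signal than any one of them alone.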
Istituto di Elettronica e di Ingegneria dell'Informazione e delle Telecomunicazioni - IEIIT
Keywords: Data Mining; E-mail; Early Detection; Worm
Files for this item:
No files are associated with this item.

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/20.500.14243/104535