Indian Journal of Science and Technology
Year: 2015, Volume: 8, Issue: 35, Pages: 1-11
Mohammed Anbar1 *, Rosni Abdullah1 , Ahmed Manasrah2 , Alhamza Munther3 and Selvakumar Manickam1
1 National Advanced IPv6 Centre of Excellence, Universiti Sains Malaysia, Penang, Malaysia; anbar, rosin, [email protected]
2 Faculty of Information Technology and Computer Sciences, Yarmouk University, Irbid, Jordan; [email protected]
3 School of Computer and Communication Engineering, Universiti Malaysia Perlis, Perlis, Malaysia; [email protected]
A worm is a self-propagating, self-duplicating malicious code that spread without human intervention in computer networks and attacks vulnerable hosts. The severity of network worms depends on the propagation process that degrades the network performance and consume bandwidth and resource (CPU and memory). Thus, this paper presents a behavioral approach for UDP worm (worm uses UDP as transmission mechanism) detection based on scanning and Destination Source Correlation (DSC) behaviors of worm. The proposed approach consists of two sub approaches which are: 1. Statistical Cross-relation Approach for Network Scanning detection (SCANS) approach that is used to detect the presence of network scanning behavior of worm and 2. Worm correlation approach that is used to detect Destination-Source Correlation (DSC) behavior of worm. These behaviors have been chosen among other worm behaviors due to its anomaly behaviors that are clearly exhibit in the network. A salient feature of this approach is that it effective for detecting scanning DSC behaviors of worm with high accuracy. The proposed approach is evaluated with the simulated dataset obtained from Georgia Tech Network Simulator (GTNetS) simulator and confirmed that our approach is efficient in detecting UDP worm than the existing approach.
Keywords: Behavioural based Approach, UDP Worm Detection, UDP Worm
Subscribe now for latest articles and news.