ETRI-Knowledge Sharing Platform

A Study of Polymorphic Worm Detection using Efficient Tree Learning based on TCP Session
Authors
Il Ahn Cheong, Taek Yong Nam
Issue Date
2006-09
Citation
Asia-Pacific Network Operations and Management Symposium (APNOMS) 2006, pp.1-8
Language
English
Type
Conference Paper
Abstract
To effectively detect the varied worms spreading on networks, this paper studies the application of an efficient tree induction algorithm, based on entropy theory, that is suited to finding the distinctive rules of a worm. To generate detection rules, we use 120 items of session information related to network connections, extracted from network dump data generated by worms, together with an efficient tree induction algorithm such as EC4.5 to automatically generate rules of worm behavior. In our experiments, we were able to generate detection rules for sample worms such as Beagle, Mydoom, Netsky and Agobot, and to effectively detect variants of those worms with the rules generated for each worm.
KSP Keywords
Detection Rules, Entropy theory, Network connection, Tree induction, worm detection