PTBBWD: A Fast Process Traffic Behavior Based Worm Detection Algorithm

Authors :: Chen Xin
Hu Hua-ping
Xiao Fengtao
Liu Bo
Source :: 2008 International Seminar on Future Information Technology and Management Engineering.
Publication Year :: 2008
Publisher :: IEEE, 2008.
Abstract: An algorithm named PTBBWD is presented to detect worms. It is process traffic behavior based and has considered three important behaviors: total amount of source ports in wormlike traffic, changing frequency of source ports in wormlike process traffic and the wormlike traffic proportion of the total process traffic. Unlike similar work before, PTBBWD checks the frequency and the total amount of source ports only when a process is sending wormlike traffic. Experiments using applications in the wild show that PTBBWD can detect worms quickly and correctly with small false positives.

Subjects :: Software
Computer science
business.industry
ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS
Computer worm
Real-time computing
Process (computing)
False positive paradox
business
Algorithm

Database :: OpenAIRE
Journal :: 2008 International Seminar on Future Information Technology and Management Engineering
Accession number :: edsair.doi...........79cd5446c36ec1e8c338b62dda577065
Full Text :: https://doi.org/10.1109/fitme.2008.150