Research Article
Hybrid Intrusion Detection System for Worm Attacks Based on Their Network Behavior
@INPROCEEDINGS{10.1007/978-3-030-05487-8_12,
  author={Hassan AL-Maksousy and Michele Weigle},
  title={Hybrid Intrusion Detection System for Worm Attacks Based on Their Network Behavior},
  proceedings={Digital Forensics and Cyber Crime. 10th International EAI Conference, ICDF2C 2018, New Orleans, LA, USA, September 10--12, 2018, Proceedings},
  proceedings_a={ICDF2C},
  year={2019},
  month={1},
  keywords={Deep learning Worm traffic Internet worms Sasser Slammer NotPetya WannaCry EternalRocks Visualization},
  doi={10.1007/978-3-030-05487-8_12}
}
- Hassan AL-Maksousy
- Michele Weigle
Year: 2019
ICDF2C
Springer
DOI: 10.1007/978-3-030-05487-8_12
Abstract
Computer worms are characterized by rapid propagation and intrusive network disruption. In this work, we analyze the network behavior of five Internet worms: Sasser, Slammer, Eternal Rocks, WannaCry, and Petya. Through this analysis, we use a deep neural network to successfully classify network traces of these worms along with normal traffic. Our hybrid approach includes a visualization that allows for further analysis and tracing of the network behavior of detected worms.