Digital Forensics and Cyber Crime. 10th International EAI Conference, ICDF2C 2018, New Orleans, LA, USA, September 10–12, 2018, Proceedings

Research Article

Hybrid Intrusion Detection System for Worm Attacks Based on Their Network Behavior

Download
216 downloads
Cite
BibTeX Plain Text
  • @INPROCEEDINGS{10.1007/978-3-030-05487-8_12,
    author={Hassan AL-Maksousy and Michele Weigle},
    title={Hybrid Intrusion Detection System for Worm Attacks Based on Their Network Behavior},
    proceedings={Digital Forensics and Cyber Crime. 10th International EAI Conference, ICDF2C 2018, New Orleans, LA, USA, September 10--12, 2018, Proceedings},
    proceedings_a={ICDF2C},
    year={2019},
    month={1},
    keywords={Deep learning Worm traffic Internet worms Sasser Slammer NotPetya WannaCry EternalRocks Visualization},
    doi={10.1007/978-3-030-05487-8_12}
}
  • Hassan AL-Maksousy
    Michele Weigle
    Year: 2019
    Hybrid Intrusion Detection System for Worm Attacks Based on Their Network Behavior
    ICDF2C
    Springer
    DOI: 10.1007/978-3-030-05487-8_12
Hassan AL-Maksousy1,*, Michele Weigle1,*
  • 1: Old Dominion University
*Contact email: halma002@odu.edu, mweigle@odu.edu

Abstract

Computer worms are characterized by rapid propagation and intrusive network disruption. In this work, we analyze the network behavior of five Internet worms: Sasser, Slammer, Eternal Rocks, WannaCry, and Petya. Through this analysis, we use a deep neural network to successfully classify network traces of these worms along with normal traffic. Our hybrid approach includes a visualization that allows for further analysis and tracing of the network behavior of detected worms.

Keywords
Deep learning Worm traffic Internet worms Sasser Slammer NotPetya WannaCry EternalRocks Visualization
Published
2019-01-04
Appears in
SpringerLink
http://dx.doi.org/10.1007/978-3-030-05487-8_12
Copyright © 2018–2024 ICST
EAI Logo

About EAI

Community

Publish with EAI