Digital Forensics and Cyber Crime. 10th International EAI Conference, ICDF2C 2018, New Orleans, LA, USA, September 10–12, 2018, Proceedings

Research Article

Hybrid Intrusion Detection System for Worm Attacks Based on Their Network Behavior

Download
212 downloads
  • @INPROCEEDINGS{10.1007/978-3-030-05487-8_12,
        author={Hassan AL-Maksousy and Michele Weigle},
        title={Hybrid Intrusion Detection System for Worm Attacks Based on Their Network Behavior},
        proceedings={Digital Forensics and Cyber Crime. 10th International EAI Conference, ICDF2C 2018, New Orleans, LA, USA, September 10--12, 2018, Proceedings},
        proceedings_a={ICDF2C},
        year={2019},
        month={1},
        keywords={Deep learning Worm traffic Internet worms Sasser Slammer NotPetya WannaCry EternalRocks Visualization},
        doi={10.1007/978-3-030-05487-8_12}
    }
    
  • Hassan AL-Maksousy
    Michele Weigle
    Year: 2019
    Hybrid Intrusion Detection System for Worm Attacks Based on Their Network Behavior
    ICDF2C
    Springer
    DOI: 10.1007/978-3-030-05487-8_12
Hassan AL-Maksousy1,*, Michele Weigle1,*
  • 1: Old Dominion University
*Contact email: halma002@odu.edu, mweigle@odu.edu

Abstract

Computer worms are characterized by rapid propagation and intrusive network disruption. In this work, we analyze the network behavior of five Internet worms: Sasser, Slammer, Eternal Rocks, WannaCry, and Petya. Through this analysis, we use a deep neural network to successfully classify network traces of these worms along with normal traffic. Our hybrid approach includes a visualization that allows for further analysis and tracing of the network behavior of detected worms.