Hybrid Intrusion Detection System for Worm Attacks Based on Their Network Behavior

Hassan AL-Maksousy; Michele Weigle

Digital Forensics and Cyber Crime. 10th International EAI Conference, ICDF2C 2018, New Orleans, LA, USA, September 10–12, 2018, Proceedings

Research Article

Hybrid Intrusion Detection System for Worm Attacks Based on Their Network Behavior

Download

137 downloads

Cite: BibTeX Plain Text

@INPROCEEDINGS{10.1007/978-3-030-05487-8_12,
    author={Hassan AL-Maksousy and Michele Weigle},
    title={Hybrid Intrusion Detection System for Worm Attacks Based on Their Network Behavior},
    proceedings={Digital Forensics and Cyber Crime. 10th International EAI Conference, ICDF2C 2018, New Orleans, LA, USA, September 10--12, 2018, Proceedings},
    proceedings_a={ICDF2C},
    year={2019},
    month={1},
    keywords={Deep learning Worm traffic Internet worms Sasser Slammer NotPetya WannaCry EternalRocks Visualization},
    doi={10.1007/978-3-030-05487-8_12}
}

Hassan AL-Maksousy
Michele Weigle
Year: 2019
Hybrid Intrusion Detection System for Worm Attacks Based on Their Network Behavior
ICDF2C
Springer
DOI: 10.1007/978-3-030-05487-8_12

Hassan AL-Maksousy¹^,*, Michele Weigle¹^,*

1: Old Dominion University

*Contact email: halma002@odu.edu, mweigle@odu.edu

Abstract

Computer worms are characterized by rapid propagation and intrusive network disruption. In this work, we analyze the network behavior of five Internet worms: Sasser, Slammer, Eternal Rocks, WannaCry, and Petya. Through this analysis, we use a deep neural network to successfully classify network traces of these worms along with normal traffic. Our hybrid approach includes a visualization that allows for further analysis and tracing of the network behavior of detected worms.

Keywords: Deep learning Worm traffic Internet worms Sasser Slammer NotPetya WannaCry EternalRocks Visualization

Published: 2019-01-04
Appears in: SpringerLink

: http://dx.doi.org/10.1007/978-3-030-05487-8_12