Research Article
Detecting Worms via Mining Dynamic Program Execution
@INPROCEEDINGS{10.1109/SECCOM.2007.4550362,
  author        = {Xun Wang and Wei Yu and Adam Champion and Xinwen Fu and Dong Xuan},
  title         = {Detecting Worms via Mining Dynamic Program Execution},
  proceedings   = {3rd International ICST Conference on Security and Privacy in Communication Networks},
  publisher     = {IEEE},
  proceedings_a = {SECURECOMM},
  year          = {2008},
  month         = {6},
  keywords      = {Worm detection; data mining; dynamic program analysis; system call tracing},
  doi           = {10.1109/SECCOM.2007.4550362}
}
Authors: Xun Wang, Wei Yu, Adam Champion, Xinwen Fu, Dong Xuan
Year: 2008
Venue: SECURECOMM (IEEE)
DOI: 10.1109/SECCOM.2007.4550362
Abstract
Worm attacks have been major security threats to the Internet. Detecting worms, especially new, unseen worms, is still a challenging problem. In this paper, we propose a new worm detection approach based on mining dynamic program executions. This approach captures dynamic program behavior to provide accurate and efficient detection against both seen and unseen worms. In particular, we execute a large number of real-world worms and benign programs (executables), and trace their system calls. We apply two classifier-learning algorithms (Naive Bayes and Support Vector Machine) to obtain classifiers from a large number of features extracted from the system call traces. The learned classifiers are further used to carry out rapid worm detection with low overhead on the end-host. Our experimental results clearly demonstrate the effectiveness of our approach to detect new worms in terms of a very high detection rate and a low false positive rate.
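The pipeline the abstract describes, as an added illustration that is not the paper's code: system-call traces of worm and benign programs are turned into feature vectors, a Naive Bayes classifier is learned from them, and held-out traces are scored. Only the Naive Bayes branch is shown (the paper also trains an SVM). The bigram feature set, the Laplace smoothing, the class names and every trace below are assumptions constructed for this example; the paper's actual feature extraction and dataset are not reproduced here.

```python
"""Added example of the worm-detection pipeline: trace -> features -> Naive Bayes.
Not the paper's code; features, smoothing and all traces are assumptions."""
from collections import Counter, defaultdict
import math

# Constructed training traces (not the paper's dataset). Each is the ordered list
# of system calls one process issued. The worm-like traces repeat a scan-and-
# propagate loop (socket/connect/send); the benign traces do ordinary file I/O.
WORM_TRACES = [
    ["socket", "connect", "send", "close"] * 6,
    ["socket", "connect", "send", "recv", "close"] * 5,
    ["socket", "connect", "close"] * 4 + ["socket", "connect", "send", "close"] * 4,
    ["socket", "connect", "send", "close"] * 3 + ["fork"]
    + ["socket", "connect", "send", "close"] * 3,
]
BENIGN_TRACES = [
    ["open", "read", "write", "close"] * 6,
    ["open", "fstat", "read", "write", "close"] * 5,
    ["stat", "open", "read", "close"] * 4 + ["open", "write", "close"] * 3,
    ["open", "fstat", "read", "read", "write", "close"] * 3,
]
TRAIN_TRACES = WORM_TRACES + BENIGN_TRACES
TRAIN_LABELS = ["worm"] * len(WORM_TRACES) + ["benign"] * len(BENIGN_TRACES)

# Constructed held-out traces whose exact call ordering never occurs in training,
# standing in for "unseen" programs.
UNSEEN_WORM = ["socket", "connect", "recv", "send", "close"] * 4
UNSEEN_BENIGN = ["open", "fstat", "read", "write", "write", "close"] * 3


def ngram_features(trace, n=2):
    """Feature vector: counts of consecutive n-grams of system calls.
    Assumption: n-gram counts stand in for whatever features the paper extracts."""
    return Counter(tuple(trace[i:i + n]) for i in range(len(trace) - n + 1))


class MultinomialNaiveBayes:
    """Multinomial Naive Bayes with add-alpha (Laplace) smoothing, written out
    in full so the example runs without any ML library."""

    def __init__(self, alpha=1.0):
        self.alpha = alpha
        self.class_counts = Counter()               # training traces per class
        self.feature_counts = defaultdict(Counter)  # class -> n-gram -> total count
        self.vocab = set()                          # every n-gram seen in training

    def fit(self, feature_vectors, labels):
        for fv, label in zip(feature_vectors, labels):
            self.class_counts[label] += 1
            self.feature_counts[label].update(fv)
            self.vocab.update(fv)
        return self

    def log_posterior(self, fv):
        """Unnormalised log P(class | features). An n-gram never seen for a class
        gets the smoothed floor alpha / (total + alpha * |vocab|) rather than
        zero; that floor is what lets the model score an unseen worm at all."""
        n_train = sum(self.class_counts.values())
        scores = {}
        for label, n_c in self.class_counts.items():
            denom = sum(self.feature_counts[label].values()) + self.alpha * len(self.vocab)
            logp = math.log(n_c / n_train)
            for feat, k in fv.items():
                logp += k * math.log((self.feature_counts[label][feat] + self.alpha) / denom)
            scores[label] = logp
        return scores

    def predict(self, fv):
        scores = self.log_posterior(fv)
        return max(scores, key=scores.get)


def train_model(n=2):
    """Fit the classifier on the constructed training traces."""
    return MultinomialNaiveBayes().fit([ngram_features(t, n) for t in TRAIN_TRACES], TRAIN_LABELS)


def evaluate(model, traces, labels, n=2):
    """Detection rate (worms flagged / worms) and false-positive rate
    (benign flagged / benign): the two figures the abstract reports."""
    tp = fn = fp = tn = 0
    for trace, label in zip(traces, labels):
        flagged = model.predict(ngram_features(trace, n)) == "worm"
        if label == "worm":
            tp, fn = tp + flagged, fn + (not flagged)
        else:
            fp, tn = fp + flagged, tn + (not flagged)
    return {"detection_rate": tp / max(tp + fn, 1),
            "false_positive_rate": fp / max(fp + tn, 1)}


def classify_unseen(model, n=2):
    """Labels the trained model assigns to the two held-out traces."""
    return {"unseen_worm": model.predict(ngram_features(UNSEEN_WORM, n)),
            "unseen_benign": model.predict(ngram_features(UNSEEN_BENIGN, n))}


if __name__ == "__main__":
    model = train_model()
    print(evaluate(model, TRAIN_TRACES, TRAIN_LABELS))
    print(classify_unseen(model))
```

The end-host cost at detection time is one pass over the trace to count n-grams plus a handful of logarithm sums per class, which is the "low overhead" property the abstract claims for the learned classifier; the expensive part (running many executables and training) happens offline. On real traces the features would be far sparser and the traces far longer than these toy lists, so the smoothing parameter and the choice of n matter much more than they do here.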