A Safeguard Against Fast Self-propagating Malware

Title: A Safeguard Against Fast Self-propagating Malware
Publication Type: Conference Paper
Year of Publication: 2016
Authors: Ahmad, Muhammad Aminu; Woodhead, Steve; Gan, Diane
Conference Name: Proceedings of the 6th International Conference on Communication and Network Security
Conference Location: New York, NY, USA
ISBN Number: 978-1-4503-4783-9
Keywords: Cyber defence, False Data Detection, Human Behavior, Malware, malware classification, Metrics, network worm, privacy, pubcrawl, Resiliency, worm containment

This paper presents a detection and containment mechanism for fast self-propagating network worm malware. The detection part of the mechanism uses two categories of network host activities to identify worm behaviour in a network. When worm activity is identified in a network, a data-link containment system is used to isolate the internal source of infection, and a network-level containment system is used to block inbound worm datagrams. The mechanism has been demonstrated using a software prototype. A number of worm experiments have been conducted to evaluate the prototype. The empirical results show the effectiveness of the developed mechanism in containing fast network worm malware at an early stage with almost no false positives.

Citation Key: ahmad_safeguard_2016