International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
WORM VIRUS ACCESS CONTROL HOW DO WORM VIRUS/COMPUTER WORMS WORK AND SPREAD HOW TO TELL IF YOUR COMPUTER HAS A WORM TROJAN TYPES OF TROJAN ACCESS CONTROL DISTRIBUTED DENIAL OF SERVICE SQL INJECTIONS & DATA ATTACK AUTHENTICATION BASIC AUTHENTICATION
Computer viruses, worms, and Trojan horses pose a threat to computers. Viruses spread from file to file on a computer but require file sharing to infect other computers. Worms exploit networks to spread rapidly from computer to computer. Trojan horses appear harmless but damage or steal information from infected computers. While most viruses and worms only self-replicate, some are programmed to damage systems through payloads like deleting files. Virus writers aim to evade detection through techniques like polymorphism that mutate code to avoid consistent fingerprints.
This document summarizes a research paper that proposes new schemes called Power Spectral Density (PSD) and Spectral Flatness Measure (SFM) to detect camouflaging worms (C-worms). C-worms are a new type of worm that can hide their traffic patterns to avoid detection by existing anti-worm software. The proposed schemes aim to differentiate C-worm traffic from normal background traffic and normal worm traffic in the frequency domain, since their traffic patterns cannot be differentiated in the time domain. The results of applying PSD and SFM showed they were effective in detecting C-worms while existing detection systems could not distinguish C-worm and normal worm traffic.
A computer worm is a self-replicating malware program that spreads across a network without user intervention by exploiting security vulnerabilities. Worms replicate by using network resources which can slow networks and systems. While some are designed only to spread, others have payloads that can delete files, encrypt files in ransomware attacks, or install backdoors for remote control in botnets. Protecting against worms involves keeping systems patched, using antivirus software, firewalls, and avoiding opening unexpected email attachments or visiting unknown websites. The first modern worm was the 1988 Morris worm which disrupted about 10% of Internet-connected computers.
This document discusses various types of traditional and new malware, including worms. It describes how worms propagate by exploiting vulnerabilities to infect other systems. Specifically, it examines the Code Red, Slammer, and Witty/Sasser worms, noting how Code Red was latency-limited while Slammer was able to achieve extremely fast propagation speeds due to being bandwidth-limited. The document also briefly mentions the Sobig worms. Host-based and network-based detection techniques are discussed as ways to detect not only worms but other malware attacks.
This document defines and discusses various types of malware such as computer viruses, worms, and zombies. It provides a timeline of notable computer viruses from 1981-1988 and describes how viruses spread by inserting copies of themselves into other executable files. Worms are defined as self-replicating programs that do not require being part of another program. The Morris worm of 1988 was one of the first major worms. Zombies have been used to send a majority of spam emails. Denial of service attacks aim to deny service to legitimate users by overloading the target system. Notable viruses discussed include Melissa, ILOVEYOU, and MyDoom.
Cyber Security is an important aspect in the field of information technology. It is often either neglected or given a lesser priority. One of the biggest challenges that we face today is to secure information. The first thing that comes to our mind whenever we think about cyber security is ‘cyber crimes’, which are increasing at a very fast pace. Governments of countries, agencies and companies are taking crucial measures in order to prevent cybercrimes. Despite these measures, cyber security is still a very big concern. This paper mainly lays emphasis on the definition of worms, difference between worms and viruses, behavioural patterns of worms, major categories of worms, aspects of designing of worms, life cycle of worms, history and timeline of worms and a case study of Stuxnet.
Modeling and Containment of Uniform Scanning Worms - IOSR Journals
This document presents a branching process model for characterizing the propagation of uniform scanning worms on the Internet. The model covers both the inter-host and intra-host spreading of worms. It then describes an automatic worm containment strategy that aims to contain uniform scanning worms by detecting infected machines through scanning and deleting worm files. The model and containment strategy are validated through simulations. The document concludes by discussing modeling topology-aware worms and designing containment mechanisms for them.
2011 modeling and detection of camouflaging worm - deepikareddy123
This document summarizes a research article about detecting a new type of active worm called a Camouflaging Worm (C-Worm). The C-Worm aims to avoid detection by manipulating its scan traffic volume over time to camouflage its propagation. The researchers analyze characteristics of the C-Worm traffic in both time and frequency domains. They observe that while C-Worm traffic shows no noticeable trends over time, it demonstrates a distinct pattern in the frequency domain with a narrow concentration of frequencies. Based on this, they develop a novel spectrum-based detection scheme using power spectral density distribution and spectral flatness measure to distinguish C-Worm traffic from background traffic. Evaluation shows their scheme can effectively detect C
Trojans are malware that disguise themselves to gain access to a user's computer without their awareness. They spread by tricking users into downloading email attachments or clicking on fake advertisements. Once installed, they can allow hackers to access personal information, delete files, or use the computer as an anonymizing proxy for illegal activities. Examples include Zeus, which steals banking credentials, and CryptoLocker ransomware, which encrypts files until a ransom is paid. Trojans demonstrate that no system is immune, as shown by the Mac Flashback Trojan.
Computer viruses are small programs that spread from computer to computer and interfere with operations. They can corrupt or delete files, use email to spread, or erase hard disks. Viruses often spread as attachments but can also be hidden in downloads. Different malware like viruses, Trojans, and worms operate in various ways but must be executed to function. Viruses may play sounds, display images or text, or damage files when activated. It is important to be cautious of suspicious files and use antivirus software to prevent infections.
The document defines viruses and worms, and describes how they infect systems and spread. It provides examples of notable viruses and worms from the past, including the Morris Worm (1988), which was one of the first to spread over the Internet, and the Christmas Tree Exec worm (1987), which disrupted several computer networks. Viruses attach to and execute with other programs, while worms replicate across networks without needing to attach to other files.
The document discusses network virus detection and prevention, describing different types of viruses like worms, Trojans, and viruses, how they spread and infect systems through various techniques like overwriting files or boot sectors. It also covers methods of identifying viruses through signature-based detection or heuristics, as well as prevention techniques like generations of antivirus software and case studies of worms like Slammer and Blaster.
How computer works against the virus or any threat - Sadaf Walliyani
A computer virus is a malicious program that can replicate itself and spread from one computer to another. Viruses spread by inserting copies of themselves into other executable programs or documents. They often spread via removable media like floppy disks in early computers. Different types of malware exist beyond viruses, including worms, trojans, and spyware. Antivirus software aims to detect and remove viruses using signature definitions of known viruses or by monitoring for suspicious program behavior.
This document provides an overview of computer viruses, including their history and how they function. It defines viruses and differentiates them from other types of malware like worms and Trojan horses. It describes how viruses infect systems through executable files, boot sectors, and macros. It also outlines various infection strategies used by viruses and methods they employ to avoid detection, such as avoiding bait files, using stealth techniques, and polymorphism.
This document analyzes virus algorithms and proposes guidelines for controlling viruses based on the human immune system. It discusses three stages of virus writers from novice to professional. It describes features of various virus algorithms, including their ability to cover traces, use encryption, be polymorphic, use metamorphic code, be terminate and stay resident (TSR), and use non-standard techniques. Finally, it proposes four guidelines for computer security based on analogies to the human immune system: data protection, detection of anomalous behavior, isolation of infected systems, and development of adaptive security systems.
Computer security involves protecting computers and networks from hardware theft and vandalism. Some techniques used include locked doors and windows, alarm systems, cables to lock equipment down, and small locking devices for hard disks and optical drives. For mobile devices, tracking software, passwords, and biometrics can provide protection and deterrence against theft. Anti-theft measures aim to render stolen hardware useless to thieves.
This document discusses modern malware threats and techniques. It defines malware and describes traditional vs modern malware approaches. Modern malware uses stealthy techniques like obfuscation and rootkits to avoid detection. It communicates through various protocols and services to command and control systems. The document outlines threat actors like cybercriminals, nation-states and hacktivists and recommends defenses like antivirus, firewalls, and employee training to mitigate risks.
A computer worm is a standalone malware program that replicates itself and spreads to other computers by exploiting security vulnerabilities. It uses network resources to scan for vulnerable systems and transfer itself, potentially infecting many computers and overloading networks. Notable examples of worms include Morris worm, which disrupted computers on the early Internet in 1988, and Conficker, which infected over 9 million systems worldwide in 2008. Worms are generally more infectious than viruses due to their ability to spread autonomously across networks.
This document provides an overview of computer viruses including their history, types, and signs of infection. It describes some of the earliest viruses like Creeper in the 1970s and how they primarily spread via removable media. Later viruses like Melissa and I Love You/Love Bug caused major outbreaks by spreading through email. The document also outlines different categories of viruses like worms, Trojan horses, and macro viruses, as well as techniques like polymorphism. It notes the increasing prevalence of viruses over time according to annual counts. Prevention methods like antivirus software and awareness of suspicious emails are also discussed.
This document provides an overview of viruses and worms, including how they work and different types. It begins by defining viruses as programs that can copy themselves without permission to infect computers, while worms are self-replicating programs that spread through a network. The document then covers the basic structure and components of viruses, differences between viruses and worms, and types of viruses such as boot sector, file, macro, and multipartite viruses. It also discusses worms like the Morris Worm and how they differ from viruses in spreading through a network rather than specific files or programs.
Viruses can spread from computer to computer through removable media like disks and drives, or over networks and the internet. Worms can self-replicate without needing to be transferred, while trojans appear harmless but contain malicious code. Common computer viruses include Melissa, Kangen, and I Love You, and antivirus programs like AVG, Norton, and E Scan help detect and eliminate known viruses. It is important to learn about viruses to protect computers through up-to-date antivirus software, file backups, and safe online practices.
This document discusses the development of countermeasures for self-disciplinary worms. It proposes a system to model and analyze such worms, which deliberately reduce propagation speed to avoid detection. The system would monitor worm behavior, detect dynamic and static worms, trace packets back to the original source, and eliminate attacking sources. It describes modules for worm propagation, spectrum analysis, worm detection, IP traceback, and attack source removal. Methodologies like Java, Swing, and SQL Server are discussed for implementation.
A critical look at the regulation of computer viruses - UltraUploader
This document discusses the regulation of computer viruses and provides context on what computer viruses are. It defines computer viruses and discusses their evolution and different types. It also examines different legislative approaches to regulating computer viruses, from fully criminalizing virus writing to more liberal approaches. The document argues that legislation should be carefully crafted to distinguish between malicious and benign viruses, and considers factors like the role of virus research and the responsibilities of users.
This document discusses the history and types of computer viruses. It begins by describing basic types of viruses like Trojan horses, worms, and email viruses. It then defines types of viruses like boot sector viruses, program viruses, multipartite viruses, and others. The document outlines some signs that a computer may be infected. It provides examples of notable viruses from the 1980s onward like the Brain virus, Melissa virus, Love Bug virus, and others. It discusses prevention methods like using antivirus software and being cautious of emails and attachments. Overall, the document provides a comprehensive overview of the development of computer viruses and methods to protect against viruses.
Computer viruses are malicious programs that can copy themselves and infect computers. They spread by attaching themselves to files or programs that are opened. The first computer virus, called Elk Cloner, was created in 1982 as a prank and spread via floppy disks. Since then, viruses have evolved and spread via various means like email attachments, network shares, and removable media. Viruses can damage computers by deleting files, corrupting data, or overwriting data. It's important to have up-to-date antivirus software installed to scan for and remove viruses before they can infect systems.
Malware refers to malicious software like viruses, worms, and trojans. Viruses propagate by infecting other programs and spread when an infected program is run. Worms propagate without human interaction by exploiting vulnerabilities. Trojans appear desirable but are malicious, and must be run by the user. Malware spreads through websites, email attachments, links, and removable media. Anti-malware software uses signatures and behavior analysis to detect and remove malware through scanning, detection, and removal.
IJERA (International journal of Engineering Research and Applications) is International online, ... peer reviewed journal. For more detail or submit your article, please visit www.ijera.com
2011 modeling and detection of camouflaging wormdeepikareddy123
This document summarizes a research article about detecting a new type of active worm called a Camouflaging Worm (C-Worm). The C-Worm aims to avoid detection by manipulating its scan traffic volume over time to camouflage its propagation. The researchers analyze characteristics of the C-Worm traffic in both time and frequency domains. They observe that while C-Worm traffic shows no noticeable trends over time, it demonstrates a distinct pattern in the frequency domain with a narrow concentration of frequencies. Based on this, they develop a novel spectrum-based detection scheme using power spectral density distribution and spectral flatness measure to distinguish C-Worm traffic from background traffic. Evaluation shows their scheme can effectively detect C
Trojans are malware that disguise themselves to gain access to a user's computer without their awareness. They spread by tricking users into downloading email attachments or clicking on fake advertisements. Once installed, they can allow hackers to access personal information, delete files, or use the computer as an anonymizing proxy for illegal activities. Examples include Zeus, which steals banking credentials, and CryptoLocker ransomware, which encrypts files until a ransom is paid. Trojans demonstrate that no system is immune, as shown by the Mac Flashback Trojan.
Computer viruses are small programs that spread from computer to computer and interfere with operations. They can corrupt or delete files, use email to spread, or erase hard disks. Viruses often spread as attachments but can also be hidden in downloads. Different malware like viruses, Trojans, and worms operate in various ways but must be executed to function. Viruses may play sounds, display images or text, or damage files when activated. It is important to be cautious of suspicious files and use antivirus software to prevent infections.
The document defines viruses and worms, and describes how they infect systems and spread. It provides examples of notable viruses and worms from the past, including the Morris Worm (1988), which was one of the first to spread over the Internet, and the Christmas Tree Exec worm (1987), which disrupted several computer networks. Viruses attach to and execute with other programs, while worms replicate across networks without needing to attach to other files.
The document discusses network virus detection and prevention, describing different types of viruses like worms, Trojans, and viruses, how they spread and infect systems through various techniques like overwriting files or boot sectors. It also covers methods of identifying viruses through signature-based detection or heuristics, as well as prevention techniques like generations of antivirus software and case studies of worms like Slammer and Blaster.
How computer works against thevirus or any threatSadaf Walliyani
A computer virus is a malicious program that can replicate itself and spread from one computer to another. Viruses spread by inserting copies of themselves into other executable programs or documents. They often spread via removable media like floppy disks in early computers. Different types of malware exist beyond viruses, including worms, trojans, and spyware. Antivirus software aims to detect and remove viruses using signature definitions of known viruses or by monitoring for suspicious program behavior.
This document provides an overview of computer viruses, including their history and how they function. It defines viruses and differentiates them from other types of malware like worms and Trojan horses. It describes how viruses infect systems through executable files, boot sectors, and macros. It also outlines various infection strategies used by viruses and methods they employ to avoid detection, such as avoiding bait files, using stealth techniques, and polymorphism.
This document analyzes virus algorithms and proposes guidelines for controlling viruses based on the human immune system. It discusses three stages of virus writers from novice to professional. It describes features of various virus algorithms, including their ability to cover traces, use encryption, be polymorphic, use metamorphic code, be terminate and stay resident (TSR), and use non-standard techniques. Finally, it proposes four guidelines for computer security based on analogies to the human immune system: data protection, detection of anomalous behavior, isolation of infected systems, and development of adaptive security systems.
Computer security involves protecting computers and networks from hardware theft and vandalism. Some techniques used include locked doors and windows, alarm systems, cables to lock equipment down, and small locking devices for hard disks and optical drives. For mobile devices, tracking software, passwords, and biometrics can provide protection and deterrence against theft. Anti-theft measures aim to render stolen hardware useless to thieves.
This document discusses modern malware threats and techniques. It defines malware and describes traditional vs modern malware approaches. Modern malware uses stealthy techniques like obfuscation and rootkits to avoid detection. It communicates through various protocols and services to command and control systems. The document outlines threat actors like cybercriminals, nation-states and hacktivists and recommends defenses like antivirus, firewalls, and employee training to mitigate risks.
A computer worm is a standalone malware program that replicates itself and spreads to other computers by exploiting security vulnerabilities. It uses network resources to scan for vulnerable systems and transfer itself, potentially infecting many computers and overloading networks. Notable examples of worms include Morris worm, which disrupted computers on the early Internet in 1988, and Conficker, which infected over 9 million systems worldwide in 2008. Worms are generally more infectious than viruses due to their ability to spread autonomously across networks.
This document provides an overview of computer viruses including their history, types, and signs of infection. It describes some of the earliest viruses like Creeper in the 1970s and how they primarily spread via removable media. Later viruses like Melissa and I Love You/Love Bug caused major outbreaks by spreading through email. The document also outlines different categories of viruses like worms, Trojan horses, and macro viruses, as well as techniques like polymorphism. It notes the increasing prevalence of viruses over time according to annual counts. Prevention methods like antivirus software and awareness of suspicious emails are also discussed.
This document provides an overview of viruses and worms, including how they work and different types. It begins by defining viruses as programs that can copy themselves without permission to infect computers, while worms are self-replicating programs that spread through a network. The document then covers the basic structure and components of viruses, differences between viruses and worms, and types of viruses such as boot sector, file, macro, and multipartite viruses. It also discusses worms like the Morris Worm and how they differ from viruses in spreading through a network rather than specific files or programs.
Viruses can spread from computer to computer through removable media like disks and drives, or over networks and the internet. Worms can self-replicate without needing to be transferred, while trojans appear harmless but contain malicious code. Common computer viruses include Melissa, Kangen, and I Love You, and antivirus programs like AVG, Norton, and E Scan help detect and eliminate known viruses. It is important to learn about viruses to protect computers through up-to-date antivirus software, file backups, and safe online practices.
This document discusses the development of countermeasures for self-disciplinary worms. It proposes a system to model and analyze such worms, which deliberately reduce propagation speed to avoid detection. The system would monitor worm behavior, detect dynamic and static worms, trace packets back to the original source, and eliminate attacking sources. It describes modules for worm propagation, spectrum analysis, worm detection, IP traceback, and attack source removal. Methodologies like Java, Swing, and SQL Server are discussed for implementation.
A critical look at the regulation of computer virusesUltraUploader
This document discusses the regulation of computer viruses and provides context on what computer viruses are. It defines computer viruses and discusses their evolution and different types. It also examines different legislative approaches to regulating computer viruses, from fully criminalizing virus writing to more liberal approaches. The document argues that legislation should be carefully crafted to distinguish between malicious and benign viruses, and considers factors like the role of virus research and the responsibilities of users.
This document discusses the history and types of computer viruses. It begins by describing basic types of viruses like Trojan horses, worms, and email viruses. It then defines types of viruses like boot sector viruses, program viruses, multipartite viruses, and others. The document outlines some signs that a computer may be infected. It provides examples of notable viruses from the 1980s onward like the Brain virus, Melissa virus, Love Bug virus, and others. It discusses prevention methods like using antivirus software and being cautious of emails and attachments. Overall, the document provides a comprehensive overview of the development of computer viruses and methods to protect against viruses.
Computer viruses are malicious programs that can copy themselves and infect computers. They spread by attaching themselves to files or programs that are opened. The first computer virus, called Elk Cloner, was created in 1982 as a prank and spread via floppy disks. Since then, viruses have evolved and spread via various means like email attachments, network shares, and removable media. Viruses can damage computers by deleting files, corrupting data, or overwriting data. It's important to have up-to-date antivirus software installed to scan for and remove viruses before they can infect systems.
Malware refers to malicious software like viruses, worms, and trojans. Viruses propagate by infecting other programs and spread when an infected program is run. Worms propagate without human interaction by exploiting vulnerabilities. Trojans appear desirable but are malicious, and must be run by the user. Malware spreads through websites, email attachments, links, and removable media. Anti-malware software uses signatures and behavior analysis to detect and remove malware through scanning, detection, and removal.
IJERA (International journal of Engineering Research and Applications) is International online, ... peer reviewed journal. For more detail or submit your article, please visit www.ijera.com
C-Worm Traffic Detection using Power Spectral Density and Spectral Flatness ... - IOSR Journals
This document summarizes a research paper that proposes new schemes called Power Spectral Density (PSD) and Spectral Flatness Measure (SFM) to detect camouflaging worms (C-worms). C-worms can hide their scan traffic to avoid detection by traditional anti-worm software. The schemes are based on analyzing differences between normal worm traffic and C-worm traffic in the frequency domain, since they cannot be differentiated in the time domain. Experimental results showed that PSD and SFM were effective at detecting C-worms by identifying differences in their scan traffic patterns compared to normal worms when analyzed in the frequency domain. The document provides background on worms, C-worm modeling and propagation, and evaluates the
A computer worm is a self-replicating malware program that spreads across a network without user intervention by exploiting security vulnerabilities. Worms replicate by using network resources which can slow networks and systems. While some are designed only to spread, others have payloads that can delete files, encrypt files in ransomware attacks, or install backdoors for remote control in botnets. Protecting against worms involves keeping systems patched, using antivirus software, firewalls, and avoiding opening unexpected email attachments or visiting unknown websites.
Computer viruses are a nightmare for the computer world. They are a threat to any user of a computer network. A computer will not be infected by a virus if it is not connected to the outside world, which in this case means the internet. The internet can serve as a medium for spreading a virus to the fullest extent. Many types of viruses spread through the internet. Some of them are aimed at making money, while others exist only to disrupt activity and computer performance. Several techniques are used to prevent the spread of viruses, and this paper explains how to tackle viruses optimally. The benefit is that the computer in use will be free from virus attacks and safe for exchanging data publicly. Techniques for preventing viruses on computer networks include knowing the characteristics and workings of the virus.
This document discusses the detection of "smart worms", which are malicious software programs that can intelligently manipulate their scanning behavior to avoid detection. The authors propose a novel spectrum-based scheme to detect smart worms using power spectral density analysis of traffic volumes. Their scheme analyzes the spectral flatness measure of worm traffic compared to background traffic. Evaluation results demonstrate the scheme can effectively detect smart worm propagation and outperforms existing detection methods. The authors also show it can detect traditional worms.
Virus detection based on virus throttle technology - Ahmed Muzammil
In the Internet age, virus epidemics are getting worse than before, making the networks slow, computers slow, suspending mission critical operations and so on.
In this paper, a new technique for virus detection based on virus throttle technology is presented. This technique allows detecting attacks on networks within seconds of possible virus affection.
The special feature of this technology is that its virus detection algorithm is based on the network behavior of the virus and not on identification of virus code. So it is possible to detect even unknown viruses without any signature updates.
Biologically inspired defenses against computer viruses - UltraUploader
This document discusses two biologically inspired approaches to computer virus detection and removal: a neural network virus detector that learns to identify infected and uninfected programs, and a computer immune system that can automatically identify, analyze, and remove new viruses from a system. The neural network technique has been incorporated into an IBM commercial antivirus product, while the computer immune system is still in prototype form. Both aim to replace human analysis of viruses to allow faster response times needed to address increasing rates of new virus creation and spread.
This document discusses worms in local area networks and proposes a new approach to detect and stop worm attacks. It begins by describing how worms can quickly spread and take control of all systems in a LAN. The proposed approach detects worms by analyzing where they typically copy themselves and using Snort rules to identify infectious packets flowing between systems. It then provides background on common worms and how they spread. The document outlines the proposed model and discusses how it would detect worms either by their copying locations or infectious packet contents.
2011 modeling and detection of camouflaging worm - deepikareddy123
This document summarizes a research article about detecting a new type of active worm called a Camouflaging Worm (C-Worm). The C-Worm is able to manipulate its scan traffic volume over time to camouflage its propagation and avoid detection by existing systems. The researchers analyze characteristics of the C-Worm traffic in both time and frequency domains. They observe that while C-Worm traffic shows no trends in time, it demonstrates a distinct pattern in frequency with concentration in a narrow range of frequencies. Based on this, they develop a novel spectrum-based detection scheme using power spectral density distribution and spectral flatness measure to distinguish C-Worm traffic from background traffic. Evaluation shows their scheme can
Malware is any harmful program or file that can steal, encrypt, or delete sensitive data. Common types of malware include viruses, worms, Trojan horses, and spyware. Malware can perform a variety of malicious functions like altering core computing functions, monitoring users' activity without permission, and stealing or deleting sensitive information. One of the first examples of malware was the Creeper worm created in 1971 as an experiment, which spread from computer to computer without permission while displaying messages. Malware has evolved over time and now includes different types like viruses, worms, ransomware, spyware, and more that can infect devices and compromise users' data and privacy.
Running Head: COMPUTER WORMS MALWARE IN CYBER SECURITY - drennanmicah
COMPUTER WORMS MALWARE IN CYBER SECURITY
Praveen Ranghavajhala
201696
Abstract
Generally, there is a considerable body of current research dealing with the diverse types of computer worms in both the computing and the technological world. This report therefore analyzes the current research done on computer worms. In addition, it reflects on the various malware attacks that may follow from a given cyber security breach (Sari, 2018). The main objective of the research is to identify the characteristics of the various computer worms, as well as the diverse types of computer malware that generally affect the functioning of the computing field.
This research additionally examines the impact of such malware attacks on computers and networking systems. To analyze these phenomena, the research relied on secondary data collection (Sari, 2018). It employed an exploratory approach together with a deductive research design. It concludes by prescribing various methods to curb and reduce such malware and worm attacks on computers, minimizing the rampant effects of malware attacks and hence improving computer functioning.
Introduction
Cyber security can be described as the set of tactics meant to protect computers, networks, programs and data from illicit access or breach, which would otherwise result in malware attacks. Such attacks aim at corruption. Cyber security can also be described as a protective measure for the usability, integrity and security of the network. Various measures can be put in place to prevent threats from accessing their intended targets. Such measures include using anti-virus and anti-spyware software. Other measures include installing firewalls to block any unauthorized access to the computer system. Further preventive actions include intrusion prevention systems, which identify fast-spreading threats such as zero-hour attacks and so lessen the occurrence of such attacks.
Generally, the protection of personal as well as professional data from cyber threats is basically an urgent necessity in the world today. This is where the cyber security interrupts in for the rescue of such protection of personal information as wel.
This document defines and discusses various types of malware such as computer viruses, worms, and zombies. It provides a timeline of notable computer viruses from 1981-1988 and describes how viruses spread and the damage they can cause. The document also defines worms and discusses the Morris worm of 1988. It then covers topics such as distributed denial of service attacks, the MyDoom virus of 2004, and different types of viruses like boot sector and email viruses. Prevention methods and the decline of traditional viruses are also summarized.
This document defines viruses and worms, and outlines their history. It discusses how viruses spread by inserting copies of themselves into other programs, while worms are self-contained programs that spread across networks. The Morris worm of 1988 was one of the first major worms. Later, viruses spread via email with examples like Melissa and ILOVEYOU. Denial of service attacks also became an issue, like with MyDoom in 2004. Prevention methods include software updates, antivirus programs, and more secure operating systems.
The top sources of virus attacks are highlighted below: Downloadable Programs, Cracked Software, Email Attachments, Internet, Booting From CD. Best antivirus software: Norton antivirus, McAfee virus scan, Kaspersky antivirus. Norton antivirus is a product of Symantec Corporation.
This document defines viruses and worms, and outlines their history. It discusses how viruses spread by inserting copies of themselves into other programs, while worms are self-contained programs that spread across networks. The Morris worm of 1988 was one of the first major worms. Later, viruses spread via email with examples like Melissa and ILOVEYOU. MyDoom in 2004 was a major virus that caused widespread outages through distributed denial of service attacks. Prevention methods against viruses and worms include software updates, antivirus programs, and more secure operating systems.
This document defines viruses and worms, and outlines their history. It discusses how viruses spread by inserting copies of themselves into other programs, while worms are self-contained programs that spread across networks. The Morris worm of 1988 was one of the first major worms. Later, viruses spread via email with examples like Melissa and ILOVEYOU. MyDoom in 2004 was a major virus that caused widespread internet disruption through distributed denial of service attacks. Prevention methods against viruses and worms include software updates, antivirus programs, and more secure operating systems.
A computer virus is a type of malicious software, or malware, that spreads between computers and causes damage to data and software. Computer viruses aim to disrupt systems, cause major operational issues, and result in data loss and leakage.
Computer infections and protections (final) - allisterm
This document discusses computer infections like viruses, worms, and trojans. It describes viruses as programs that can copy themselves and infect other computers. Worms search for and implant code onto other systems through networks. Trojans appear harmless but later present malicious functions. The document also outlines protections like antivirus software, firewalls, and user education recommendations.
This document discusses various types of program and system threats including Trojan horses, trapdoors, buffer overflows, worms, viruses, and denial of service attacks. A Trojan horse masquerades as legitimate software to gain unauthorized access. Trapdoors are secret vulnerabilities built into programs by designers. Buffer overflows occur when more data is input than a program expects, potentially allowing code execution. Worms self-replicate to spread while viruses require host files or human action. Examples like the Morris worm and Love Bug virus are provided. Protection involves antivirus software and safe computing practices. The key differences between worms and viruses are also outlined.
Eh34803812
1. Ravinder Nellutla, Vishnu Prasad Goranthala, Fasi Ahmed Parvez / International Journal of
Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com
Vol. 3, Issue 4, Jul-Aug 2013, pp.803-812
803 | P a g e
Classification of Different Computer Worms with Dynamic Detection
Using Victim Number Based Algorithm
Ravinder Nellutla, Asst. Prof.¹, Vishnu Prasad Goranthala, Assoc. Prof.², Fasi Ahmed Parvez, Assoc. Prof.³
¹ Department of Information Technology, Kamala Institute of Technology and Science, Singapur, Huzurabad, Karimnagar.
² Department of Computer Science and Engineering / Information Technology, Balaji Institute of Engineering Sciences, Laknepally, Narsampet, Warangal.
³ Department of Computer Science and Engineering / Information Technology, Balaji Institute of Engineering Sciences, Laknepally, Narsampet, Warangal.
ABSTRACT
The Internet has developed to give many
benefits to mankind, access to information being
one of the most important. Worms cause major
security threats to the Internet. Worms are software
components that are capable of infecting a computer
and then using that computer to infect another
computer. The cycle is repeated, and the population
of worm-infected computers grows rapidly. Smart
worms pose the most important security threats to the
Internet. Smart worms spread in an
automated fashion and can flood the Internet in a very
short time. In this paper, first, we present an analysis
of potential scan techniques that worms can employ
to scan vulnerable machines. In particular, we find
that worms can choose targets more carefully than
the random scan does. A worm that scans only IP
addresses announced in the global routing table can
spread faster than a worm that employs random scan.
In fact, scan methods of this type have already been
used by the Slapper worm. These methods reduce the
time wasted on unassigned IP addresses. They are
easy to implement and pose the most imminent
menace to the Internet. We analyzed different scan
methods and compared them, and we find that the victim
number based algorithm can dramatically increase
the spreading speed of worms.
Key terms: Worms, Network security, Random
Scan, Virus, Victim Number Based Algorithm
I. Introduction
Worms are one of the most ill-defined
concepts in Network Security. There is still no
universal consensus on the definition of a worm.
Usually worms and viruses display similar
characteristics and their intention is also similar. To
define worms, we will use the following points and
then define a worm based on these points.
The propagation of the worm is based on
exploiting vulnerabilities of computers on the
Internet. Many real-world worms have caused
notable damage on the Internet. These worms include
“Code-Red” worm in 2001 [1], “Slammer” worm in
2003 [2], and “Witty”/ “Sasser” worms in 2004 [3].
Many active worms are used to infect a large number
of computers and recruit them as bots or zombies,
which are networked together to form botnets [4].
Worms can start on a host (computer) in various
ways. A worm may be an attachment to a mail; when
the attachment is opened, the code written in the
worm is executed. This is called "invocation by
human intervention". It may also start without any
human intervention, for example on rebooting the
system. It affects the host. In contrast to computer
viruses, it can affect anything on the host. It may
corrupt the files on the host. It may affect
communication of the host with other systems. It may
disable the anti-virus software on the host, which will
enable it to cause more damage. Computer viruses, on
the other hand, are very specific to files. Worms have
a broader scope of attack than viruses. Worms are
self-replicating code. This is the most distinct feature
of a worm. Once they infect a host, they will try to
find a nearby host which they can access, and copy
themselves to that host. There they will perform the
same actions that they performed on the original host.
"A worm is a computer program, which can self-
replicate and propagate over the network, with or
without human intervention, and has malicious
intent."
1.1. Differences between virus and worms:
| VIRUS | WORM |
| --- | --- |
| A virus is a program that is designed to spread from file to file on a single PC. | A worm is designed to copy itself (intentionally move) from PC to PC, via networks, the Internet, etc. |
| It does not intentionally try to move to another PC. | A worm does not need a host file to move from system to system, whereas a virus does. |
| It must replicate and execute itself to be defined as a virus. | Worms spread more rapidly than viruses. |
II. RELATED WORK
1.1. Active worms:
Active worms are similar to biological
viruses in terms of their infectious and self-
propagating nature. They identify vulnerable
computers, infect them and the worm-infected
computers propagate the infection further to other
vulnerable computers. In order to understand worm
behavior, we first need to model it. With this
understanding, effective detection and defense
schemes could be developed to mitigate the impact of
the worms. For this reason, tremendous research
effort has focused on this area.
Active worms use various scan mechanisms
to propagate themselves efficiently. The basic form
of active worms can be categorized as having the
Pure Random Scan (PRS) nature. In the PRS form, a
worm-infected computer continuously scans a set of
random Internet IP addresses to find new vulnerable
computers. Other worms propagate themselves more
effectively than PRS worms using various methods,
e.g., network port scanning, email, file sharing, Peer-
to-Peer (P2P) networks, and Instant Messaging (IM)
[7], [8]. In addition, worms use different scan
strategies during different stages of propagation. In
order to increase propagation efficiency, they use a
local network or hitlist to infect previously identified
vulnerable computers at the initial stage of
propagation [13], [14]. They may also use DNS,
network topology, and routing information to identify
active computers instead of randomly scanning IP
addresses [10], [11]. They split the target IP address
space during propagation in order to avoid duplicate
scans [10]. Li et al. [12] studied a divide-conquer
scanning technique that could potentially spread
faster and stealthier than a traditional random-
scanning worm. Ha and Ngo [5] formulated the
problem of finding a fast and resilient propagation
topology and propagation schedule for Flash worms.
Yang et al. [6] studied the worm propagation over the
sensor networks.
III. Worm Detection
The main focus of this section is to detect
worms using various scan techniques. Worm scan
detection is raising an alarm upon sensing anomalies
that are most likely caused by large scale worm
spreads. Our goal is to quickly detect unknown
worms on large enterprise networks or the Internet
while making the false alarm probability as low as
possible. In the following sections, we first present
our generic worm detection architecture. We then
present the design and analysis of a simple detection
algorithm, called the victim number based algorithm.
I. Popular Worms
3.1. Creeper Worm
Released in the early 1970s and written by Bob
Thomas, it was an experimental program to
demonstrate the power of programming. Most of the
worms written at the time were a result of the
programmers' fascination with self-replicating programs.
There was no malicious intent and the worms did not
hide. They were sent in the clear. The Creeper worm was
written to infect DEC PDP-10 computers running the
TENEX operating system. The program used the
ARPANET to propagate from node to node and
display a message "I'm the creeper, catch me if you
can!" A program, Reaper, was written to counter
Creeper.
3.2. Morris Worm
Released in 1988 and authored by Robert
Tappan Morris, this was the first known worm that had
malicious intent. According to the author, the worm
was not supposed to cause any damage and was
intended to gauge the size of the Internet. It did,
however, cause DoS attacks. The worm exploited
vulnerabilities in Unix sendmail, rsh/rexec and weak
passwords. The worm initiated a process on the host
and found new hosts to propagate the code. Once it
found a new host it would copy itself to the new host
and start an additional process there. The worm had a
condition to check whether it was already running on
the host, but Morris had programmed it in such a way
that the worm propagated to the new host even if the
answer was "Yes". Every new instance of the worm
on the host caused an additional process to be
launched, and each new process slowed the system
down until the system was unusable. The Morris
worm is also known as the Great Worm, as it was the
first of its kind and it demonstrated the amount of
impact such programs can have if they are not
secured. It also changed the perception of system
downtime and Internet security forever.
3.3. Melissa Worm
This was a worm that caused widespread
damage to the Internet and for the first time huge
losses to everyone around the planet. It caused over
400 million USD in damages across the globe and
shut down many organizations. It was written as a
macro in a Microsoft Word document and this
helped its widespread propagation. It was released in
mid-March 1999 and was authored by David L.
Smith. The worm was very simple in its concept, but
demonstrated a new technique to propagate. Many of
the worms that were written in the years to come
were derived from this concept in one way or
another. The worm was present in the macro of an
MS Word document and propagated as a document
that supposedly contained passwords for 80
pornographic sites. If the user opened this document,
and many of them did, it would execute the macro.
Once the macro was executed, it would pick up
the first 50 contacts from the user's address book and
mail a copy of itself to all the addresses. Since the
worm was essentially an email worm and it mailed 50
addresses every time it infected a new host, many mail
servers were clogged with the mails. This caused a
widespread DoS attack. Most of the techniques used
by this worm laid the foundation or methodology for
many variants and newer worms. Papa and Syndicate
are two such variants.
3.4. Explore Zip
This worm took the concept of the Melissa
worm one step further. The Melissa worm was not
designed to reside on the system. ExploreZip was.
The worm propagated via email, just like Melissa,
and was present in an attachment called
ZIPPED_FILES.exe. Once the user opened the
attachment, the worm would appear to be a self-
extracting zip archive and then error out. Behind the
scenes it would install itself on the system and
register itself in the Windows Registry. The worm
would then stay dormant and do nothing. When the
user rebooted the system, the worm would be
activated and mail a copy of itself to all the people in
the address book of the user on the host. It would also
delete all the C and C++ source files from the hard
drive. There is no record of the amount of damage
done by this worm. Since not all computers are
started at the same time, it is unlikely that this worm
could have caused any DoS attack. It was not
instantaneous like Melissa.
3.5. I Love You
This was the first worm to take the cost of
damage to billions of USD. The estimated damage
caused by this worm was between 5 and 10 billion
USD. The worm was written in VBScript and
propagated as an attachment to an email with the
message "ILOVEYOU". When users opened this
attachment, it would register itself in the Windows
Registry. This would activate the worm after every
restart of the system. It would then search all the
drives connected to the host for all files with
extensions *.JPG, *.JPEG, *.VBS, *.VBE, *.JS,
*.JSE, *.CSS, *.WSH, *.SCT, *.DOC, *.HTA,
*.MP3, *.MP2 and rename them to .VBS. It also had
a component called "WIN-BUGSFIX.EXE" or
"Microsoftv25.exe". This was a password-stealing
program. The worm propagated across the network
by using the addresses present in the address book of
the user. Since the worm activated immediately and
also on restart of the PC, the amount of email it
generated crippled many mail servers and also
individual PCs. The worm was allegedly authored by
Irene, Onel de Guzman and Reomel Lamores from
the Philippines.
3.6. Code Red
This worm took the approach to attacking in
a completely different direction. Instead of relying on
mail addresses in the user's contact list, it performed
network scanning and used the IP addresses
connected to the host as a vector for propagation. It
attacked IIS servers and defaced many websites.
It used a buffer overflow vulnerability in IIS
servers to execute binary code on the hosts. The
initial worm did not check whether the new host ran
Windows or was running IIS. It also did not check whether
the IP address it was trying to access existed. The later
versions of this worm were more inclined towards the
local subnet rather than accessing some random IP.
The total cost of damage was about 1.2 billion USD.
It demonstrated a new technique of worm
propagation.
3.7. Nimda
This was a next-generation worm in a
league of its own. It had 4 different propagation vectors. It
could propagate via websites, LAN, emails and as
executables. In emails it was disguised as a BASE-64
(binary) file readme.exe in the MIME section. It
would pick up the addresses retrieved from the user's
MAPI service. In the browser mode of propagation,
the worm would rename many of the system files to
.html and .asp. These pages would get executed and
download the worm onto the machine, thus infecting
the host. In the LAN mode, it would copy itself to
all the writable shared directories that it could find. If
the remote user opened these shared drives and if the
"auto preview" option was enabled, the worm would
infect the remote computer. It would then repeat the
same process on the remote PC. The estimated cost
of damage of this worm was about 8.75 billion USD.
3.8. Mydoom
This was the most notorious worm of all
time, with the highest damage of 22 billion USD. It
propagated as a "Sending Failed" mail from the mail
server and asked the user to click on the attachment
to resend the mail. If the user opened the attachment,
it would show that it was resending the mail and, in
parallel, installed the worm. The
worm would then send a copy of itself to all the
addresses in the address book and also copy itself to
Peer-to-Peer shared drives. The worm also opened a
back door for the hacker to get back anytime.
3.9. Sasser
This worm was unique in the manner in
which it was developed. The worm was reverse
engineered from one of the patches provided for
Microsoft Windows. The worm would exploit the
vulnerability the patch was supposed to address and
was targeted at systems that had not installed the
update yet. It did not represent any new technological
advance in the way the worm behaved, but the
design of the worm was a step further in worm
innovation. It targeted a buffer overflow in the LSASS
component and executed binary code
on the hosts. Since buffer overflow causes erratic
behavior or shutdown of the system, many
organizations across the globe went down almost
instantaneously. It caused damage of over 14 billion
USD and was authored by Sven Jaschan.
I. Worm Characteristics
Worms can be categorized by their target discovery
technique, propagation carrier and distribution
mechanism, activation and payload [8].
4.1 Target Discovery
Target discovery is the first step of the worm
propagation, the purpose being to detect new hosts to
infect. There are several possible techniques by
which a vulnerable target can be discovered: by
scanning, by use of various target lists and by passive
monitoring [15]. Many of the most effective worms
combine several of these techniques in order to use
the best from each technique.
4.1.1. Scanning
The scanning technique involves probing a
set of addresses in order to detect vulnerable hosts.
The simplest forms of scanning are sequential and
random scanning. The former implies probing
addresses sequentially from an address block, while
the latter implies trying addresses from an address
block in a pseudo-random fashion. Their simplicity
makes them frequently used. To increase the
efficiency of the target discovery mechanism, worm
authors have suggested several optimizations for
scanning worms. One optimization is the preference
for local addresses in order to reduce latency. This is
commonly referred to as island hopping because the
worm’s spreading pattern tends to resemble islands.
In addition to reducing latency, island hopping will
also reduce the number of encounters, and thereby
possible detections and failed infection attempts,
with firewalls and NATs. At the same time, it makes
the worm more vulnerable in its initial stage, as total
containment is possible if the worm is detected and
isolated while still infecting hosts in the initial local
network [15]. Another optimization is a bandwidth-
limited scanner which implies that the scanning
process is limited by the bandwidth of the
compromised host, not by the latency of connection
requests, as is often the case [17]. The use of
scanning causes highly anomalous behavior as it
generates a lot of traffic that differs from normal
traffic. This makes the worms easier to detect.
4.1.2. Target Lists
Target discovery can also be carried out
through the use of target lists. Worms utilizing such
lists are often referred to as hit list worms and are
characterized by their extremely rapid spreading
speed. One example is the use of pre-generated target
lists where a set of hosts known or suspected to be
vulnerable to attack is gathered in advance and is
included in the actual worm payload. A small target
list of this kind could be used to accelerate the
spreading of a scanning worm, while a complete list
could create a flash worm which is further elaborated
in section 3.4.3. An externally generated target list is
a target list not included in the worm’s payload, but
maintained by a separate server. The list can be
downloaded to infected machines in order to select
new victims. An externally generated target list
located at a central server makes it easy to issue
updated target lists, but at the same time, if the
central server is compromised the worm may be
prevented from further propagation [15]. Yet another
example of a target list is the host-based lists in
which the worm utilizes information stored on the
infected host to decide which hosts to attack next.
Worms utilizing host-based lists for target discovery
are called topological worms.
4.1.3. Passive Monitoring
Worms using a passive monitoring
technique are not actively searching for new victims.
Instead, they are waiting for new targets to contact
them or rely on the user to discover new targets.
Although passive worms tend to have a slow
propagation rate, they are often difficult to detect
because they generate modest anomalous
reconnaissance traffic.
4.2. Propagation Carrier and Distribution
Mechanism
There are three possible methods by which a
worm can propagate from an infected host to an
uninfected one [15].
4.2.1. Self-Carried
A self-carried worm transmits itself as part
of the infection process. This mechanism is
commonly used when the initial attack is directly
followed by the worm payload transmission, as is the
case with self-activating and topological worms.
4.2.2. Second Channel
Some worms require a second
communication channel in order to complete the
infection process. One example is to have the victim
host request the transfer of the actual worm code to
complete the infection.
4.2.3. Embedded
An embedded worm transmits itself as part
of a normal communication channel by appending
itself to, or replacing, an existing payload. This yields
modest anomalous traffic related to propagation and
could be combined with a stealthy target discovery
mechanism, like the passive monitoring mechanism
described in the previous section, in order to create a
stealthy worm.
4.3. Activation
The means by which a worm is activated on
a newly infected host drastically affects its
propagation speed.
4.3.1. Human Activity-Based Activation
Some worms are activated when the user
performs some activity, like resetting the machine,
logging onto the system and thereby running the
login scripts or executing a remotely infected file.
Evidently, such worms do not spread very rapidly.
4.3.2. Scheduled Process Activation
A faster spreading speed than the previous
activation method is achieved by worms that rely on
some scheduled process for activation. An example is
automatic software updates, which can be used to
install and run malicious software (e.g., a worm).
Earlier versions of automatic update services were
more susceptible to this kind of attack as they rarely
employed any authentication.
4.3.3. Self Activation
The fastest spreading worms are the ones
that are able to activate themselves by initiating their
own execution as soon as the infection process is
completed. This is done by exploiting vulnerabilities
in a service that is always running and available, or in
the libraries that these services use. The worms
activate themselves by attaching themselves to the
running service or by executing commands using the
permissions associated with those services.
4.4. Payload
The worm code not related to propagation is
called the worm payload. It can vary significantly
depending on the goals of the worm’s author. Some
examples are presented in this section.
4.4.1. None/Nonfunctional
The most common payload is actually no or
a nonfunctional payload. Even with no payload, the
worm can still consume considerable network and
computer resources, as well as advertising vulnerable
hosts.
4.4.2. Remote Control
Some payloads can open backdoors on
victim machines in order to make remote control of
the captured machines possible by bypassing the
usual security access procedures. By introducing a
trojan horse to the infected machine, it is possible to
gain access to files that normally require certain user
privileges [17].
4.4.3. Denial of Service (DoS)
A commonly used payload is to issue a
Denial of Service attack against one or several web
sites. The effect of a DoS attack increases with the
number of nodes participating in the attack. A large
worm network can cause large damage by issuing a
Distributed DoS (DDoS) attack, where all the worm
nodes simultaneously launch attacks against the same
web site.
4.4.4. Data Collection
An increasing amount of sensitive
information is stored electronically these days. Worm
payload can search for this type of information (e.g.,
credit card numbers). Findings could be encrypted
and transmitted through various channels.
4.4.5. Data Damage
Data damage is likely to become a popular
worm payload, like it has been for some time for
computer viruses. It can be used to erase or
manipulate data on the infected host, or even to
encrypt data in order to extort the owner of the
information.
II. ARCHITECTURE FOR WORM DETECTION
In order to detect scanning worms, we need to
observe various anomalies that are most likely caused
by worms. These anomalies can be observed either at
end hosts, on local networks, or in the global Internet.
The advantage of observing anomalies from the
global Internet is that we can detect worms faster and
differentiate the worm scans from local events. In this
section, we present a generic architecture for worm
detection in the global Internet.
5.1. A Generic Worm Detection Architecture
Monitoring traffic towards a single network
is often not enough to detect a worm attack. This is
because worms may have already spread widely in
the Internet but have not infected the monitored
network yet, or worms may never infect the
monitored network at all. Therefore, we need to
deploy multiple monitoring points on various
networks and aggregate the information thus
obtained. To achieve this, we propose a distributed
worm detection architecture. The architecture
monitors the network behavior at different places. By
gathering information from different networks, a
detection control center can determine the presence
of a large scale worm attack. Problems such as where
the monitors should be deployed, what needs to be
monitored in the network and how the information
obtained by monitoring should be aggregated, have to
be considered in designing the detection architecture.
We propose a generic traffic monitoring and worm
detection architecture as shown in Fig. 5. The
architecture is composed of a detection control center
and a number of monitoring components. The
monitoring components pre-analyze the traffic and
send preliminary results or alarms to the detection
control center. The detection control center collects
these reports from the monitoring components and
makes the final decision on whether there is anything
serious happening. To avoid a single point of failure
and to reduce the load on the control center, we may
have multiple detection control centers to share the
load of computation and communication. In this
paper, we focus on evaluating the performance of our
system for worm detection, and will not discuss
the detailed design and implementation of the
detection control center and monitoring components.
Fig.1.
5.2. Victim Number Based Algorithm
Using the detection architecture, we need to
design algorithms to detect anomalies caused by
worms. Since a new worm's signature is not known
beforehand, a small number of packets is not enough
to detect the worm. It is abnormal to find a large
amount of scan traffic sent towards inactive
addresses. This is, however, prone to false alarms
because the scan traffic can be caused by other
reasons (such as DDoS and software errors).
Therefore, it is necessary to find some unique and
common characteristics of worms. Serious worm
incidents usually involve a large number of hosts that
scan specific ports on a set of addresses. Many of
these addresses are inactive. If we detect a large
number of distinct addresses scanning the inactive
ports, within a short period of time, then it is highly
possible that a worm attack is going on. We define
the addresses from which a packet is sent to an
inactive address as victims. If the detection system
can track the number of victims, then the detection
system has a better performance. Hence, a good
decision rule to determine if a host is a victim is
necessary.
Since a worm's signature is not known
beforehand, we need to detect anomalies that are
most likely caused by worms. Using our detection
architecture, we need to design algorithms to detect
such anomalies. Serious worm incidents usually
involve a large number of hosts scanning specific
ports on a set of addresses. Because it is hard for
worms to obtain the list of all vulnerable machines in
the Internet beforehand, worms normally need to
randomly search for targets to infect. Such random
scanning techniques will induce a large number of
packets to inactive addresses or inactive services. If
we detect a large number of distinct addresses
sending scan packets to inactive addresses or inactive
services within a short period of time, then it is
highly possible that there is a worm attack. We define
the source addresses that attempt to connect to
inactive addresses as victims. Our detection system will
track the victims observed from all monitoring
components. The control center will determine
whether there is a worm attack based on the change
of victim number. Worm detection based on the
change of victim number can be considered as a
change-point detection problem. Similar to the
typical sequential change-point detection algorithms
such as parametric or nonparametric Cumulative Sum
(CUSUM), our Victim Number Based Algorithm
calculates the change on the number of victims and
compares it with an adaptive threshold to detect
worm events.
5.2.1. Victim Decision Rules
To detect the change on the number of
victims, we need to identify which source addresses
are victims. One of the simplest rules is that, if a
source address sends at least one scan packet to an
inactive address, we consider this source address a
victim. We call this rule One Scan Decision Rule
(OSDR). Though very simple, OSDR is susceptible
to daily scan noises. For example, when a legitimate
user mistypes a destination address, the source
address might be marked as a victim if the mistyped
destination address is inactive. To avoid such scan
noises, we adopt Two Scan Decision Rule (TSDR),
that is, if a source address sends at least two scan
packets to inactive addresses, we will consider this
source address a victim. TSDR works well with noise
and reflects the incessant feature of worm scans, but
it needs to keep track of the number of scans to
inactive addresses for each source address, which
leads to a more complicated and expensive
implementation than OSDR. However, other
techniques such as a Bloom filter can be used to
alleviate the complexity of the implementation of
TSDR.
Adaptive Threshold:
In our Victim Number Based Algorithm, we
use an adaptive threshold to detect anomalies. When
the number of new victims is greater than the
adaptive threshold Ti in Equation , we consider there
is an anomaly.
]> ---------------------1)
]= ---------------------2)
= ]---------3)
where Vi is the number of victims detected by the
system up to time tick i. ΔVi+1 = Vi+1 − Vi, which
denotes the number of new victims detected from
time tick i to time tick i+1. E[ΔVi] is the average
number of new victims over last k time ticks at time
tick i, and k is the learning time of the system. γ is a
constant value called threshold ratio. Ti is the
adaptive threshold at time tick i. To reduce the false
positive rate, in practice, we also need to observe a
number of such anomalies to determine worm
activity. The number of consecutive times of
anomaly needed to detect worm activity is denoted as
r. A tradeoff exists in the selection of the value of r.
A larger value of r gives a lower false positive rate
but takes longer time to detect worms whereas a
smaller value of r may result in a larger false positive
rate but takes less time to detect worms.
In order to smooth the initial learning process, we
need to deploy some schemes to expire the entries in
the database. A simple method is to use a new database
every day. For example, the learning process will start
from what the database learned from the previous
day. Another method is to assign a decreasing life
time L to each new victim detected. If L decreases to
zero then the victim is considered as expired and
removed from the victim list. If a scan packet is
received from the victim before L expires, its lifetime
is then reset to L. Using this method, the size of the
database can be kept stable. However, keeping track
of the timers for each address is expensive. We use
the method with daily reset for our solution.
The Victim Number Based Algorithm is as
shown in Figure. The monitoring components gather
scan packets to the detection networks, and use SDR
to identify the victims. The detection control center
collects the victims from all monitoring components
and performs Victim Number Based Algorithm to
detect whether or not there is a worm.
5.2.2. Victim Number Based Algorithm:
1. Gather scan packets using the detection
architecture.
2. Identify victims using TSDR.
3. Set the number of consecutive times that
anomalies are observed r, the learning time k and
the threshold ratio γ; set count=r.
4. Set the adaptive threshold T_i for the current time
tick i.
5. do
   if the number of new victims is greater than T_i then
      count=count-1;
   else
      count=r;
   end if
   Update the threshold for the current time tick i.
6. while(count>0)
7. Alert a worm attack.
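The algorithm above, from TSDR victim identification through the r-consecutive-anomaly alert, as an added Python example that is not the authors' code. The form of the threshold (γ times the standard deviation of the last k new-victim counts, compared with the excess over their mean), the function names and the sample trace are assumptions made for illustration.

```python
from collections import defaultdict, deque
from statistics import mean, pstdev


def tsdr_new_victims(scans, inactive, hits, victims):
    """Two Scan Decision Rule over one time tick of (src, dst) scan packets.

    A source becomes a victim on its second scan to an inactive address.
    Returns the number of new victims found in this tick.
    """
    new = 0
    for src, dst in scans:
        if dst not in inactive or src in victims:
            continue
        hits[src] += 1
        if hits[src] >= 2:
            victims.add(src)
            new += 1
    return new


def detect_worm(ticks, inactive, k=5, gamma=3.0, r=3):
    """Return the tick index at which a worm is declared, or None."""
    hits, victims = defaultdict(int), set()
    history = deque(maxlen=k)  # new-victim counts over the last k ticks
    count = r
    for i, scans in enumerate(ticks):
        delta = tsdr_new_victims(scans, inactive, hits, victims)
        if len(history) == k:  # learning time has elapsed
            # ASSUMPTION: T_i = gamma * std-dev of the last k counts,
            # compared against the excess of delta over their mean.
            threshold = gamma * pstdev(history)
            count = count - 1 if delta - mean(history) > threshold else r
            if count == 0:  # r consecutive anomalies
                return i
        history.append(delta)
    return None


def constructed_trace():
    """Constructed sample: 8 quiet ticks, then a worm tripling each tick."""
    inactive = {f"10.9.0.{n}" for n in range(256)}
    # One mistyped address per tick from a different user: noise only.
    ticks = [[(f"192.0.2.{t}", "10.9.0.1")] for t in range(8)]
    for t in range(5):
        infected = [f"198.51.100.{h}" for h in range(3 ** t)]
        ticks.append([(s, f"10.9.0.{d}") for s in infected for d in (7, 8)])
    return ticks, inactive
```

On the constructed trace, single mistyped addresses never produce a victim, and detect_worm declares the worm on the third consecutive anomalous tick.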
5.2.3. Performance of Victim Number Based
Algorithm:
Before we evaluate our detection algorithm,
first we need to understand how the number of
victims increases during worm events given a
detection network size, which will guide us to choose
the desired size of detection network. Then we need
to set the parameters including the learning time, the
threshold ratio constant and the number of
consecutive times that anomalies are observed. We
choose these parameters based on the properties of
the background traffic. In this section, we use traffic
traces to decide the parameters and evaluate our
detection algorithm.
The performance can be estimated by the
following criteria.
1) Modeling the Number of victim
2) Requirements for Detection Network size
3) Traffic collection
4) Parameter selection
The following figures show the detection time for
different scan techniques using the detection network.
Fig. 2a) Detection of a Random scan
Fig. 2b) Detection of a Routable scan
Fig. 2c) Detection of a Divide-Conquer scan
5.2.4. Evaluation of Victim Number Based
Algorithm:
To evaluate our algorithm on real traces, we
combine the real trace traffic with simulated worm
traffic based on various random scan methods. Fig.
2(a) shows the detection time for a random scan worm.
The worm starts at 3:00am in the morning with a scan
rate of 2 per second and is detected at 13:27pm, when
less than 1.25% of vulnerable machines are infected.
It shows that with the /14 network, there is a rapid
increase in the number of victims during random scan
worm attacks. Fig. 2(b) shows the case when worms
perform routable scan. We can see that when worms
perform routable scan, we detect worm events at
5:43am. At this time, less than 0.83% of vulnerable
machines are infected. For divide-conquer scan, as
shown in Fig. 2(c), we have similar results to routable
scan because the changes in the number of victims
for both scan methods are similar during the early
stage of worm spreading. However, the spreading
speed of divide-conquer scan is faster than that of
routable scan. When we detect the divide-conquer scan
worm at 5:43am, less than 0.84% of vulnerable machines
are infected. Besides the various types of scan methods,
we want to know to what extent the victim number
based detection algorithm works for worms with
different scan rates.
Fig. 3(a) gives the results on the fraction of
vulnerable machines that have been infected when
our algorithm detects worm events by varying scan
rates using a /14 detection network. The Y-axis shows
the number of new victims detected in each time
interval. We can see that our algorithm can detect
worms with higher scan rates earlier than worms with
lower scan rates. Fig. 2(b) and Fig. 2(c) show similar
plots for routable scan and divide-conquer scan
worms respectively. To understand how Ω (the
number of addresses that a worm performs random
scan) and N (the number of vulnerable machines in
the Internet) affect the performance of our algorithm,
we look at various cases varying these numbers and
check the fraction of vulnerable machines that have
been infected when we detect worm events. In Fig.
3(a), we vary Ω from 1.3 × 10^9 to 2^32 when
N = 500,000. The worm can be detected before 1.4% of
vulnerable machines are infected in most cases. We
vary N from 0.1 × 10^6 to 2.0 × 10^6 when Ω = 2^32. It
shows that worms can be detected before 2% of
vulnerable machines are infected.
Fig. 3a) Fraction of Vulnerable machines being
infected vs Ω
Fig. 3b) Fraction of Vulnerable machines being
infected Vs N
III. CONCLUSION
When the attackers are more sophisticated,
probing is fundamentally not a costly process. From
the discussions above, it seems that the game would
favor the attackers when the Internet links are fast
enough and the size of the code is not critical to the
propagation speed.
This does not imply that monitoring is of no
use. In future, an efficient traffic monitoring
infrastructure will be an important part of the global
intrusion detection systems. A consequence of the
worm detection method is that the attackers will have
to use a limited number of IP addresses to scan the
Internet. Therefore, the impact of worm scanning on
the Internet traffic will be reduced.
In this paper, we described how worms operate and
the characteristics of different types of worms, along
with the architecture and the algorithm to dynamically
identify worms in the network that use different
scan techniques such as random scan, routable scan,
and divide-conquer scan. Further, this work can be
extended to detecting worms on the World Wide Web.
References
[1] D. Moore, C. Shannon, and J. Brown, “Code-Red: A Case Study on the Spread and Victims of an Internet Worm,” Proc. Second Internet Measurement Workshop (IMW), Nov. 2002.
[2] D. Moore, V. Paxson, and S. Savage, “Inside the Slammer Worm,” Proc. IEEE Magazine of Security and Privacy, July 2003.
[3] CERT, CERT/CC Advisories, http://www.cert.org/advisories/, 2010.
[4] P.R. Roberts, Zotob Arrest Breaks Credit Card Fraud Ring, http://www.eweek.com/article2/0,1895,1854162,00.asp, 2010.
[5] D. Ha and H. Ngo, “On the Trade-Off between Speed and Resiliency of Flash Worms and Similar Malcodes,” Proc. Fifth ACM Workshop Recurring Malcode (WORM), Oct. 2007.
[6] Yang, S. Zhu, and G. Cao, “Improving Sensor Network Immunity under Worm Attacks: A Software Diversity Approach,” Proc. ACM MobiHoc, May 2008.
[7] C. Zou, D. Towsley, and W. Gong, “Email Worm Modeling and Defense,” Proc. 13th Int’l Conf. Computer Comm. and Networks (ICCCN), Oct. 2004.
[8] W. Yu, S. Chellappan, C. Boyer, and D. Xuan, “Peer-to-Peer System-Based Active Worm Attacks: Modeling and Analysis,” Proc. IEEE Int’l Conf. Comm. (ICC), May 2005.
[9] Z.S. Chen, L.X. Gao, and K. Kwiat, “Modeling the Spread of Active Worms,” Proc. IEEE INFOCOM, Mar. 2003.
[10] J. Wu, S. Vangala, and L.X. Gao, “An Effective Architecture and Algorithm for Detecting Worms with Various Scan Techniques,” Proc. 11th IEEE Network and Distributed System Security Symp. (NDSS), Feb. 2004.
[11] S. Staniford, D. Moore, V. Paxson, and N. Weaver, “The Top Speed of Flash Worms,” Proc. Second ACM Conf. Computer and Comm. Security (CCS) Workshop Rapid Malcode (WORM), Oct. 2004.
[12] Y. Li, Z. Chen, and C. Chen, “Understanding Divide-Conquer-Scanning Worms,” Proc. Int’l Performance Computing and Comm. Conf. (IPCCC), Dec. 2008.
[13] Z.S. Chen, L.X. Gao, and K. Kwiat, “Modeling the Spread of Active Worms,” Proc. IEEE INFOCOM, Mar. 2003.
[14] Dynamic Graphs of the Nimda Worm, http://www.caida.org/dynamic/analysis/security/nimda, 2010.
[15] Warhol Worms: The Potential for Very Fast Internet Plagues, http://www.cs.berkeley.edu/nweaver/warhol.html
[16] Nicholas Weaver, Vern Paxson, Stuart Staniford, and Robert Cunningham, A Taxonomy of Computer Worms, 2003. http://www.cs.unc.edu/~jeffay/courses/nidsS05/attacks/paxson-worm-taxonomy03.pdf
[17] N. Weaver, Potential Strategies for High Speed Active Worms: A Worst Case Analysis, http://www.cs.berkeley.edu/nweaver/worms.pdf
Ravinder Nellutla: B.Sc from Kakatiya University, Warangal; Master of Computer Applications from Kakatiya University, Warangal; M.Tech in Computer Science Engineering from Balaji Institute of Engineering and Sciences, Narsampet, Warangal. He is currently working as Asst. Prof. at Kamala Institute of Technology and Science, Singapur, Huzurabad, Karimnagar. His subjects of interest include programming languages, network security and database concepts.
Vishnu Prasad Goranthala: M.Tech in Computer Science and Engineering from JNTU, Hyderabad; Master of Computer Applications from Osmania University; B.Sc from Kakatiya University, Warangal. He is currently working as an Associate Prof. at Balaji Institute of Engineering & Sciences, Narsampet, Warangal, and has 9+ years of academic experience. His research areas include databases, programming languages, mobile computing, information security, cryptography, and network security.
Fasi Ahmed Parvez: He is currently the head of the Department of CSE & IT at Balaji Institute of Engineering & Sciences, Narsampet, Warangal. Parvez has several years of academic experience. His research areas of interest include data mining, databases, and information security.