A Behaviour based Framework for Worm Detection

AbstractIncreasing threats from worms in the internet continue to be a challenge for current content-based Network Intrusion Detection Systems (NIDS). Worms use different obfuscation techniques (You & Yim 2010) to evade detection and if the worm's signature is not previously known, such systems fail. This paper proposes the use of behavioral signatures for network intrusion detection. The different infection phases exhibited by a worm can be used to characterize its network behaviour. Such behaviour of worms can be captured in the proposed scheme by using behavioural signatures