Modeling and Detection of Camouflaging Worm


Active worms pose major security threats to the Internet. This is due to the ability of active worms to propagate in an automated fashion as they continuously compromise computers on the Internet. Active worms evolve during their propagation and thus pose great challenges to defend against them. In this paper, we investigate a new class of active worms, referred to as Camouflaging Worm (C-Worm in short). The C-Worm is different from traditional worms because of its ability to intelligently manipulate its scan traffic volume over time. Thereby, the C-Worm camouflages its propagation from existing worm detection systems based on analyzing the propagation traffic generated by worms.

We analyze characteristics of the C-Worm and conduct a comprehensive comparison between its traffic and non-worm traffic (background traffic). We observe that these two types of traffic are barely distinguishable in the time domain. However, their distinction is clear in the frequency domain, due to the recurring manipulative nature of the C-Worm. Motivated by our observations, we design a novel spectrum-based scheme to detect the C-Worm. Our scheme uses the Power Spectral Density (PSD) distribution of the scan traffic volume and its corresponding Spectral Flatness Measure (SFM) to distinguish the C-Worm traffic from background traffic.

Using a comprehensive set of detection metrics and real-world traces as background traffic, we conduct extensive performance evaluations on our proposed spectrum-based detection scheme. The performance data clearly demonstrates that our scheme can effectively detect the C-Worm propagation. Furthermore, we show the generality of our spectrum-based scheme in effectively detecting not only the C-Worm, but traditional worms as well.

Proposed System

Proposed Worm detection schemes that are based on the global scan traffic monitor by detecting traffic anomalous behavior, there are other worm detection and defense schemes such as sequential hypothesis testing for detecting worm-infected computers, payload-based worm signature detection. . In presented both theoretical modeling and experimental results on a collaborative worm signature generation system that employs distributed fingerprint filtering and aggregation and multiple edge networks. .. In presented a state-space feedback control model that detects and control the spread of these viruses or worms by measuring the velocity of the number of new connections an infected computer makes. Despite the different approaches described above, we believe that detecting widely scanning anomaly behavior continues to be a useful weapon against worms, and that in practice multifaceted defense has advantage


  • C-Worm detection Module
  • Worms are malicious Detection Module OR Anomaly Detection
  • Pure Random Scan (PRS) Module
  • Worm propagation Module

Hardware Requirements:


  • Processor : pentium iv 2.6 ghz
  • Ram : 512 mb dd ram
  • Monitor : 15" color
  • Hard disk : 20 gb
  • Floppy drive : 1.44 mb
  • Cddrive : lg 52x
  • Keyboard : standard 102 keys
  • Mouse : 3 buttons

S/W System Configuration:-

  • Front End : Java, JFC (Swing)
  • Tools Used : Eclipse 3.3
  • Operating System: Windows XP/7


<< back

Related Projects : Mobile Electronic Program Guide ,Mobile Gadgeteer ,Mobile i Broker ,Mobile Invoice ,Mobile Location Alarm ,Mobile Phone Tracking ,Mobile Sampling of Sensor Field Data ,Mobile Video Archive ,Mobility Management Approaches for Mobile IP Networks ,Mobility Management Schemes Based On Pointer Forwarding For Wireless Mesh Networks ,Mobiminder: Location Based Reminder on Mobiles ,Mobi Travel Guide ,Modeling and Detection of Camouflaging Worm ,Movement-Assisted Connectivity Restoration ,Movie World ,Multi-Lingual Website ,MultiAuctioneer Progressive Auction For Dynamic Spectrum Access ,Multihoming Route Control Multiple Routing Configurations for Fast IP Network Recovery ,Multi Banking System ,Multi User Chat System ,Natural Image Segmentation Based On Tree Equipartition , News Paper Proclamination Monitoring System ,Noise Reduction By Fuzzy Image Filtering ,Notepad Editor System ,On-Line Help Desk ,Online Crime file Management ,Online Crime Report ,Online Fast Food ,Online Issue Management



Copyright © V2computers 2006 through 2017