NADTW: new approach for detecting TCP worm
作者: Mohammed AnbarRosni AbdullahAlhamza MuntherMohammed Azmi Al-BetarRedhwan M. A. Saad
作者单位: 1Universiti Sains Malaysia (USM)
2Universiti Malaysia Perlis
3Al-Balqa Applied University
刊名: Neural Computing and Applications, 2017, Vol.28 (1), pp.525-538
来源数据库: Springer Nature Journal
DOI: 10.1007/s00521-016-2358-9
关键词: Destination Source Correlation (DSC)Intrusion Detection System (IDS)Network scanningMalicious codesTCP worm
原始语种摘要: A computer worm is a self-replicating malicious code that does not alter files but resides in active memory where it duplicates itself. Worms use parts of the operating system that are automatic and usually invisible to the user. Worms commonly exhibit abnormal behaviors, which become noticeable only when their uncontrolled replication consumes system resources and consequently decelerates or halts other tasks completely. This paper proposes an effective approach for detecting the presence of TCP network worms. This approach consists of two phases: Statistical Cross-relation for Network Scanning (SCANS) phase and the Worm Correlation phase. The SCANS phase is used to detect the presence of the network scanning behavior of a network worm, while the worm correlation phase is used to detect...
全文获取路径: Springer Nature  (合作)
分享到:
来源刊物:
影响因子:1.168 (2012)

×
关键词翻译
关键词翻译
  • detecting 检测
  • network 网络
  • approach 
  • malicious 恶意
  • noticeable 引人注意的
  • scanning 扫描
  • automatic 自动的
  • worms 蠕虫动物
  • efficient 有用的
  • DSC 3270 information Display System data-stream Compatibility