Evolving Neuro-Fuzzy Inference System For Worm Detection In High-Speed Networks

Date
2014-11
Authors
Abdullah, Shubair Abdulkareem
Publisher
Universiti Sains Malaysia
Abstract
Internet worms are malicious programs that spread rapidly over networks. They remain a big threat to the internet, as demonstrated by a number of large-scale worm outbreaks, such as the Sasser, Storm, and Stuxnet worms. Moreover, every new wave of outbreaks reveals rapid evolution in terms of sophistication, infection speed, and damage caused to business. Unfortunately, current worm detection research has not seen the same pace of advancement. Most worm detection systems are unable to deal intelligently with worms, especially in high-speed networks. In this thesis, a comprehensive system for worm detection and containment is presented. This system consists of two subsystems: worm detection and signature generation. The worm detection subsystem is an evolving neuro-fuzzy inference system, called the kNN-based Evolving Neuro-Fuzzy Inference System, kENFIS for short. kENFIS depends on a newly defined behavioral IP flow model for worms. It is the first evolving neuro-fuzzy inference system that employs the kNN-based Evolving Fuzzy Clustering Method (kEFCM) to create and evolve fuzzy rules. kEFCM is an enhanced version of the kNN algorithm, which this thesis identifies as the most accurate algorithm in terms of worm detection. The signature generation subsystem is a new matching system that extracts obfuscated and non-obfuscated signatures, called the Most Frequent Maximum String system (MFMS). It captures the malicious payloads only, to extract the most frequent maximum string in the worm instances. The implemented algorithms are validated and evaluated through robust experiments. The results show that the proposed system offers higher efficiency and accuracy in worm detection and containment.
Keywords
Internet worms are malicious programs, spread rapidly over networks