CONFERENCE PROCEEDINGS
Advanced Search
Home > Proceedings > Volume 6570 > Article
Paper
9 April 2007 Defending against Internet worms using a phase space method from chaos theory
Jing Hu, Jianbo Gao, Nageswara S. Rao
Author Affiliations +
Proceedings Volume 6570, Data Mining, Intrusion Detection, Information Assurance, and Data Networks Security 2007; 657003 (2007) https://doi.org/10.1117/12.719026
Event: Defense and Security Symposium, 2007, Orlando, Florida, United States
Abstract
Enterprise networks are facing ever-increasing security threats from Distributed Denial of Service (DDoS) attacks, worms, viruses, intrusions, Trojans, port scans, and network misuses, and thus effective monitoring approaches to quickly detect these activities are greatly needed. In this paper, we employ chaos theory and propose an interesting phase space method to detect Internet worms. An Internet worm is a self-propagating program that automatically replicates itself to vulnerable systems and spreads across the Internet. Most deployed worm-detection systems are signature-based. They look for specific byte sequences (called attack signatures) that are known to appear in the attack traffic. Conventionally, the signatures are manually identified by human experts through careful analysis of the byte sequence from captured attack traffic. We propose to embed the traffic sequence to a high-dimensional phase space using chaos theory. We have observed that the signature sequence of a specific worm will occupy specific regions in the phase space, which may be appropriately called the invariant subspace of the worm. The invariant subspace of the worm separates itself widely from the subspace of the normal traffic. This separation allows us to construct three simple metrics, each of which completely separates 100 normal traffic streams from 200 worm traffic streams, without training in the conventional sense. Therefore, the method is at least as accurate as any existing methods. More importantly, our method is much faster than existing methods, such as based on expectation maximization and hidden Markov models.
© (2007) COPYRIGHT Society of Photo-Optical Instrumentation Engineers (SPIE). Downloading of the abstract is permitted for personal use only.
Citation Download Citation
Jing Hu, Jianbo Gao, and Nageswara S. Rao "Defending against Internet worms using a phase space method from chaos theory", Proc. SPIE 6570, Data Mining, Intrusion Detection, Information Assurance, and Data Networks Security 2007, 657003 (9 April 2007); https://doi.org/10.1117/12.719026
ACCESS THE FULL ARTICLE
ORGANIZATIONAL
Sign in with credentials provided by your organization.
INSTITUTIONAL
Select your institution to access the SPIE Digital Library.
SELECT YOUR INSTITUTION
PERSONAL
Sign in with your SPIE account to access your personal subscriptions or to use specific features such as save to my library, sign up for alerts, save searches, etc.
PERSONAL SIGN IN
No SPIE Account? Create one
PURCHASE THIS CONTENT
SUBSCRIBE TO DIGITAL LIBRARY
50 downloads per 1-year subscription
Members: $195
Non-members: $335 ADD TO CART
25 downloads per 1 - year subscription
Members: $145
Non-members: $250 ADD TO CART
PURCHASE SINGLE ARTICLE
Includes PDF, HTML & Video, when available
Members: $17.00
Non-members: $21.00 ADD TO CART
PROCEEDINGS
 9 PAGES
DOWNLOAD PAPER SAVE TO MY LIBRARY
GET CITATION
Lens.org Logo
CITATIONS
Cited by 5 scholarly publications.
Advertisement
Advertisement
RIGHTS & PERMISSIONS
Get copyright permission  Get copyright permission on Copyright Marketplace
KEYWORDS
Internet
Chaos theory
Network security
Computer intrusion detection
Oscillators
Solids
Viruses
RELATED CONTENT
Subscribe to Digital Library
Receive Erratum Email Alert
Back to Top