Publication:
A Behavioral Approach to Worm Detection

dc.contributor.advisor: Ammann, Paul
dc.contributor.author: Ellis, Daniel R.
dc.date.accessioned: 2024-07-09T19:37:41Z
dc.date.available: 2024-07-09T19:37:41Z
dc.date.issued: 2006-08
dc.description.abstract: This dissertation presents a novel approach to the automatic detection of worms using behavioral signatures. A behavioral signature describes aspects of any worm’s behavior that are common across manifestations of the worm and that span its nodes in temporal order. Characteristic patterns of worm behaviors in network traffic include 1) engaging in similar network behaviors from one target machine to the next, 2) tree-like propagation, and 3) changing a server into a client. These behavioral signatures are presented within the context of a general worm model. The most significant contribution of this dissertation is the demonstration that an accurate and fast worm detection system can be built using the above patterns. Further, I show that the class of worms detectable using these patterns exceeds what has been claimed in the literature and covers a significant portion of the classes of worms. Another contribution is the introduction of a novel paradigm—Network Application Architecture (NAA), which concerns possible ways to distribute network application functionality across a network. Three NAAs are discussed. As an NAA becomes more constrained, worm detection gets easier. It is shown that for some NAAs certain classes of worms can be detected with only one packet. The third significant contribution of this dissertation is the capability to evaluate worm detection systems in an operational environment. This capability can be used by other researchers to evaluate their own or others’ worm detection systems. The claim is that the capability can emulate practically all worms and that it can do so safely, even in an operational enterprise environment.
dc.format.medium: doctoral dissertations
dc.identifier.uri: http://hdl.handle.net/1920/13619
dc.identifier.uri: https://doi.org/10.13021/MARS/2079
dc.language.iso: en
dc.rights: Copyright 2006 Daniel R. Ellis
dc.rights.uri: http://rightsstatements.org/vocab/InC/1.0
dc.title: A Behavioral Approach to Worm Detection
dc.type: Dissertation
dspace.entity.type: Publication
thesis.degree.discipline: Information Technology
thesis.degree.grantor: George Mason University
thesis.degree.level: Doctoral
thesis.degree.name: PhD in Information Technology

Files

Original bundle
Name: Ellis_Daniel_dissertation.pdf
Size: 3.76 MB
Format: Adobe Portable Document Format
License bundle
Name: license.txt
Size: 2.56 KB
Format: Item-specific license agreed upon to submission
Description: