Title

PAIDS: A Proximity-Assisted Intrusion Detection System for Unidentified Worms

Document Type

Presentation

Presentation Date

7-2009

Conference Name

33rd Annual IEEE International Computer Software and Applications Conference

Conference Location

Seattle, Washington

Source of Publication

33rd Annual IEEE International Computer Software and Applications Conference, 2009. COMPSAC '09

Publisher

IEEE

Peer Review

Yes

Abstract

The wide spread of worms poses serious challenges to today's Internet. Various IDSes (Intrusion Detection Systems) have been proposed to identify or prevent such spread. These IDSes can be largely classified as signature-based or anomaly-based ones depending on what type of knowledge the system knows. Signature-based IDSes are unable to detect the outbreak of new and unidentified worms when the worms' characteristic patterns are unknown. In addition, new worms are often sufficiently intelligent to hide their activities and evade anomaly detection. Moreover, modern worms tend to spread more quickly, and the outbreak period lasts in the order of hours or even minutes. Such characteristics render existing detection mechanisms less effective. In this work, we consider the drawbacks of current detection approaches and propose PAIDS, a proximity-assisted IDS approach for identifying the outbreak of unknown worms. PAIDS does not rely on signatures. Instead, it takes advantage of the proximity information of compromised hosts. PAIDS operates on an orthogonal dimension with existing IDS approaches and can thus work collaboratively with existing IDSes to achieve better performance. We test the effectiveness of PAIDS with trace-driven simulations and show that PAIDS has a high detection rate and a low false positive rate.

Keywords

Worm, Proximity, Intrusion Detection System, anomaly detection, Internet, PAIDS, proximity-assisted intrusion detection system, signature-based scheme, unidentified worm, invasive software, digital signatures, Intrusion detection, Computer worms, Computer applications, Application software, Educational institutions, Failure analysis, Pattern analysis, Impedance, Collaborative work

Disciplines

Computer Sciences

This document is currently not available here.


Link to Original Published Item

http://ieeexplore.ieee.org/document/5254234/