International Journal of Security and Networks
Intrusion Detection Systems (IDSes) proposed to identify or prevent the wide spread of worms can be largely classified as signature-based or anomaly-based. Modern worms are often sufficiently intelligent to hide their activities and evade anomaly detection, rendering existing IDSes (particularly signature-based) less effective. We propose PAIDS, a proximity-assisted IDS approach for identifying the outbreak of unknown worms. Operating on an orthogonal dimension with existing IDSes, PAIDS can work collaboratively with existing IDSes for better performance. Trace-driven evaluation indicates that PAIDS has high detection rates and low false-positive rates. We also build a prototype with Google Maps APIs and the libpcap library.
Zhenyun Zhuang, Ying Li, and Z. Chen (2010). Enhancing Intrusion Detection System with proximity information. International Journal of Security and Networks, 5 (4), 207-219. Geneva, Switzerland: Inderscience Publishers.