A countermeasure mechanism for fast scanning malware

Ahmad, Muhammad Aminu; Woodhead, Steve; Gan, Diane

doi:10.1109/cybersecpods.2016.7502345

Cited by 5 publications

(7 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Ahmad et al [2] and Shahzad et al [20] proposed similar worm detection methods, which track SYN and UDP packets sent to detect the advent of worms. They associate SYN and UDP packets with the DNS resolution cache to determine whether there is a DNS lookup operation, and packets that do not have DNS lookup operations are considered suspicious packets.…”

Section: Worm Attacks Detection Using Traditional Detection Methodsmentioning

confidence: 99%

“…If the number of suspicious packets exceeds the threshold, a worm attack event is considered to have occurred, and the containment system would be used to block the suspicious traffic. In [2], in addition to using the above rules for detection and blocking, the authors also devised an LA policy to timely notify Adjacent network segments of worm events.…”

Section: Worm Attacks Detection Using Traditional Detection Methodsmentioning

confidence: 99%

See 1 more Smart Citation

A Survey on Detection Methods Against Internet Worm Attacks

Wang¹

2020

ReBICTE

View full text Add to dashboard Cite

Miscellaneous attacks against the Internet have become one of the major concerns among many imperfectionsin contemporary cyberspace. In particular, worms are one highly dangerous type. Howto timely detect and utterly stop such attacks still remains an unresolved issue, and it is of greatnecessity to review the existing quality work in the field of worm detection. In this paper, majorcharacteristics, working mechanisms, and the life cycle of worms are introduced. Then, we divideexisting worm detection techniques into two categories: machine learning methods and traditionaldetection methods, and existing worm countermeasures are reviewed in detail by category. Finally,some open issues in the field of worm detection are discussed, and the contents of this paper aresummarized. The goal of this paper is to let researchers comprehensively understand various existingdefense mechanisms against worms.

show abstract

Section: Worm Attacks Detection Using Traditional Detection Methodsmentioning

confidence: 99%

Section: Worm Attacks Detection Using Traditional Detection Methodsmentioning

confidence: 99%

A Survey on Detection Methods Against Internet Worm Attacks

Wang¹

2020

ReBICTE

View full text Add to dashboard Cite

show abstract

“…Ahmad el al. [141] presented a detection system that keeps tracking outgoing SYN and UDP packets of monitored traffic. They correlated SYN and UDP packets with a DNS resolution cache to determine the absence of DNS lookup.…”

Section: Knowledge-based Methods Against Worm Attacksmentioning

confidence: 99%

Security Data Collection and Data Analytics in the Internet: A Survey

Jing

Yan

Pedrycz

2019

IEEE Commun. Surv. Tutorials

101

View full text Add to dashboard Cite

“…Earlier works on worm spreading mitigation recognized that a lack of DNS traffic was suspicious and blocking such traffic prevents the worms from fully spreading across a network [1]- [6]. These projects have performed controlled experiments, in which an isolated network is infected with a worm, but they do not consider the impact of blocking unnamed traffic on benign traffic in their results.…”

Section: Related Workmentioning

confidence: 99%

“…These methods are naturally challenged by unnamed traffic, the traffic that is not relying on DNS to resolve domain names to IP addresses, which completely circumvents these DNS-based security methods. Not only malicious applications [1]- [6] but also benign applications [7], [8] are known to rely on unnamed traffic, making network operators unable to simply block out all unnamed traffic. This dilemma enables the unnamed traffic to exist within networks, while potentially being a crucial component of malicious activities.…”

Section: Introductionmentioning

confidence: 99%

Understanding the Challenges of Blocking Unnamed Network Traffic

Hageman

Kidmose

Hansen

et al. 2022

NOMS 2022-2022 IEEE/IFIP Network Operations and Management Symposium

View full text Add to dashboard Cite

Network traffic that is not preceded by any Domain Name System (DNS) resolutions is referred to as unnamed traffic. Any DNS-based security system is ineffective against malicious content distributed through this traffic. In this paper, we introduce a novel method for identifying unnamed traffic based on the correlation of flows and DNS responses extracted from raw network traces. We describe two challenges that affect the validity of our method, and how to handle them. By applying our method to a one-week trace of network traffic, we illustrate that unnamed traffic is ubiquitous in a university network across nearly all client systems, destination IP addresses, and destination services. We conclude by presenting several open problems that prevent us from blocking unnamed traffic for security reasons.

show abstract

A countermeasure mechanism for fast scanning malware

Cited by 5 publications

References 12 publications

A Survey on Detection Methods Against Internet Worm Attacks

A Survey on Detection Methods Against Internet Worm Attacks

Security Data Collection and Data Analytics in the Internet: A Survey

Understanding the Challenges of Blocking Unnamed Network Traffic

Contact Info

Product

Resources

About