A Tour of the Computer Worm Detection Space

Ochieng, Nelson; Mwangi, Waweru; Ateya, Ismael

doi:10.5120/18169-9045

Cited by 4 publications

(5 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

Section: Using Cloudmonitor To Detect Remote Computer Worm Attacksmentioning

confidence: 99%

“…The computer worm technique utilized in this experiment can infect all computers in a network after infecting a single computer [84]. During the assault, the attacker first accesses a computer in the network but with no awareness of the user and then transmits all the required files and scripts needed to infect all nodes within the consumer network [84]. Once the initial stage has been performed, the attack will detect all the consumer's neighbor IP addresses within the network and deliver the attack payload to the "/tmp" directory of all the systems through SCP with zero knowledge from the users.…”

Section: Using Cloudmonitor To Detect Remote Computer Worm Attacksmentioning

confidence: 99%

See 1 more Smart Citation

Cloud Security Using Fine-Grained Efficient Information Flow Tracking

Alqahtani,

Almutairi,

Sheldon

2024

Future Internet

View full text Add to dashboard Cite

This study provides a comprehensive review and comparative analysis of existing Information Flow Tracking (IFT) tools which underscores the imperative for mitigating data leakage in complex cloud systems. Traditional methods impose significant overhead on Cloud Service Providers (CSPs) and management activities, prompting the exploration of alternatives such as IFT. By augmenting consumer data subsets with security tags and deploying a network of monitors, IFT facilitates the detection and prevention of data leaks among cloud tenants. The research here has focused on preventing misuse, such as the exfiltration and/or extrusion of sensitive data in the cloud as well as the role of anonymization. The CloudMonitor framework was envisioned and developed to study and design mechanisms for transparent and efficient IFT (eIFT). The framework enables the experimentation, analysis, and validation of innovative methods for providing greater control to cloud service consumers (CSCs) over their data. Moreover, eIFT enables enhanced visibility to assess data conveyances by third-party services toward avoiding security risks (e.g., data exfiltration). Our implementation and validation of the framework uses both a centralized and dynamic IFT approach to achieve these goals. We measured the balance between dynamism and granularity of the data being tracked versus efficiency. To establish a security and performance baseline for better defense in depth, this work focuses primarily on unique Dynamic IFT tracking capabilities using e.g., Infrastructure as a Service (IaaS). Consumers and service providers can negotiate specific security enforcement standards using our framework. Thus, this study orchestrates and assesses, using a series of real-world experiments, how distinct monitoring capabilities combine to provide a comparatively higher level of security. Input/output performance was evaluated for execution time and resource utilization using several experiments. The results show that the performance is unaffected by the magnitude of the input/output data that is tracked. In other words, as the volume of data increases, we notice that the execution time grows linearly. However, this increase occurs at a rate that is notably slower than what would be anticipated in a strictly proportional relationship. The system achieves an average CPU and memory consumption overhead profile of 8% and 37% while completing less than one second for all of the validation test runs. The results establish a performance efficiency baseline for a better measure and understanding of the cost of preserving confidentiality, integrity, and availability (CIA) for cloud Consumers and Providers (C&P). Consumers can scrutinize the benefits (i.e., security) and tradeoffs (memory usage, bandwidth, CPU usage, and throughput) and the cost of ensuring CIA can be established, monitored, and controlled. This work provides the primary use-cases, formula for enforcing the rules of data isolation, data tracking policy framework, and the basis for managing confidential data flow and data leak prevention using the CloudMonitor framework.

show abstract

Section: Using Cloudmonitor To Detect Remote Computer Worm Attacksmentioning

confidence: 99%

Section: Using Cloudmonitor To Detect Remote Computer Worm Attacksmentioning

confidence: 99%

Cloud Security Using Fine-Grained Efficient Information Flow Tracking

Alqahtani,

Almutairi,

Sheldon

2024

Future Internet

View full text Add to dashboard Cite

show abstract

“…A number of approaches for computer worm detection have been reviewed in the literature. These include contentbased signature schemes, anomaly-detection schemes, and behavioral-signature detection schemes, a summary and analysis of which has been presented by the authors in an earlier paper [6]. For this present work, only approaches that utilize machine learning are emphasized.…”

Section: Related Workmentioning

confidence: 99%

“…Input: Learning set-S, Ensemble size B. Output: Ensemble E (1) E = (2) W=Assign Equal Weights (S) (3) for i = 1 to B do (4) C i =Construct-Models (S, W) (5) E rr =Apply Model (C i , S) (6) if (E rr = 0) ∪ (E rr ≥ 0.5) then (7) Terminate Model Generation (8) return E (9) for j = 1 to Number Of Examples (S) do (10) if Correctly Classified (S j , C i ) then (11) W…”

Section: Stackingmentioning

confidence: 99%

Optimizing Computer Worm Detection Using Ensembles

Ochieng

Mwangi

Ateya

2019

Security and Communication Networks

Self Cite

View full text Add to dashboard Cite

The scope of this research is computer worm detection. Computer worm has been defined as a process that can cause a possibly evolved copy of it to execute on a remote computer. It does not require human intervention to propagate neither does it attach itself to an existing computer file. It spreads very rapidly. Modern computer worm authors obfuscate the code to make it difficult to detect the computer worm. This research proposes to use machine learning methodology for the detection of computer worms. More specifically, ensembles are used. The research deviates from existing detection approaches by using dark space network traffic attributed to an actual worm attack to train and validate the machine learning algorithms. It is also obtained that the various ensembles perform comparatively well. Each of them is therefore a candidate for the final model. The algorithms also perform just as well as similar studies reported in the literature.

show abstract

“…An IDS is a monitoring infrastructure or application that surveils all events or communication traffic taking place in a computing system or over networks and generates reports to the management system by differentiating intrusions, suspicious activities, and other malicious behaviors . The term intrusion, also known as attack, is a behavior of evading computer security policy or standard , which can occur in various situations .…”

Section: Intrusion Detection Systemsmentioning

confidence: 99%

Intrusion detection techniques for mobile cloud computing in heterogeneous 5G

Gai

Qiu

Tao

et al. 2015

Security Comm. Networks

148

View full text Add to dashboard Cite

Mobile cloud computing is applied in multiple industries to obtain cloud‐based services by leveraging mobile technologies. With the development of the wireless networks, defending threats from wireless communications have been playing a remarkable role in the Web security domain. Intrusion detection system (IDS) is an efficient approach for protecting wireless communications in the Fifth Generation (5G) context. In this paper, we identify and summarize the main techniques being implemented in IDSs and mobile cloud computing with an analysis of the challenges for each technique. Addressing the security issue, we propose a higher level framework of implementing secure mobile cloud computing by adopting IDS techniques for applying mobile cloud‐based solutions in 5G networks. On the basis of the reviews and synthesis, we conclude that the implementation of mobile cloud computing can be secured by the proposed framework because it will provide well‐protected Web services and adaptable IDSs in the complicated heterogeneous 5G environment. Copyright © 2015 John Wiley & Sons, Ltd.

show abstract

A Tour of the Computer Worm Detection Space

Cited by 4 publications

References 17 publications

Cloud Security Using Fine-Grained Efficient Information Flow Tracking

Cloud Security Using Fine-Grained Efficient Information Flow Tracking

Optimizing Computer Worm Detection Using Ensembles

Intrusion detection techniques for mobile cloud computing in heterogeneous 5G

Contact Info

Product

Resources

About