Journal of Beijing University of Posts and Telecommunications

  • EI Core Journal

JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM ›› 2007, Vol. 30 ›› Issue (2): 98-101. doi: 10.13190/jbupt.200702.98.hongzh

• Papers

Worm Detection Based on Improved V-detector Algorithm

HONG Zheng, WU Li-fa, WANG Yuan-yuan   

  1. (Institute of Command Automation, People’s Liberation Army University of Science and Technology, Nanjing 210007, China)
  • Received: 2006-05-16 Revised: 1900-01-01 Online: 2007-04-30 Published: 2007-04-30
  • Contact: HONG Zheng

Abstract:

A host usually changes its network traffic characteristics when it is infected by a worm. Based on this observation, a worm detection method is proposed that draws inspiration from negative selection in the immune system. First, the V-detector algorithm, a real-valued negative selection algorithm with variable-coverage detectors, was improved. The improved algorithm tries to generate large detectors according to the distribution of the non-self space. Compared with V-detector, it generates a much smaller detector set and increases detection efficiency. Second, the improved V-detector algorithm was used to generate detector sets and to monitor hosts' network traffic characteristics for worm attacks. Experiments show that the method is effective at detecting traditional worms as well as multi-vector polymorphic worms.

Key words: artificial immune system, negative selection, worm detection
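
The following added example (not code from the paper) sketches the baseline V-detector scheme the abstract builds on: detectors are random points in normalised feature space whose radius is set by the distance to the nearest normal ("self") sample, and a host whose traffic vector falls inside any detector is flagged. The paper's improvement is not reproduced because the abstract does not describe it; the two features, the self radius, the stopping parameters and all sample vectors are assumptions constructed for illustration.

```python
import math
import random

SELF_RADIUS = 0.05  # assumed radius of the "self" region around each normal sample

# Constructed, normalised feature vectors (assumed features: outbound connection
# rate, failed-connection ratio). Not data from the paper.
SELF = [(0.05 + 0.02 * i, 0.05 + 0.02 * j) for i in range(5) for j in range(5)]
WORM_LIKE = [(0.6 + 0.1 * i, 0.6 + 0.1 * j) for i in range(4) for j in range(4)]

def train_v_detector(self_samples, max_detectors=200, coverage_run=100, seed=7):
    """Baseline V-detector: random centres, radius set by the nearest self sample."""
    rng = random.Random(seed)
    dim = len(self_samples[0])
    detectors = []        # (centre, radius) pairs covering non-self space
    covered_run = 0       # consecutive candidates that were already covered
    while len(detectors) < max_detectors and covered_run < coverage_run:
        x = tuple(rng.random() for _ in range(dim))
        if any(math.dist(x, c) <= r for c, r in detectors):
            covered_run += 1          # evidence that coverage is already high
            continue
        # Variable coverage: grow the detector until it touches the self region.
        radius = min(math.dist(x, s) for s in self_samples) - SELF_RADIUS
        if radius > 0:                # reject candidates inside the self region
            detectors.append((x, radius))
            covered_run = 0
    return detectors

def is_anomalous(detectors, sample):
    """A sample matching any detector lies in non-self space."""
    return any(math.dist(sample, c) <= r for c, r in detectors)

def detection_rate(detectors, samples):
    """Fraction of samples flagged by at least one detector."""
    return sum(is_anomalous(detectors, s) for s in samples) / len(samples)

if __name__ == "__main__":
    dets = train_v_detector(SELF)
    print(len(dets), "detectors")
    print("false positives on self:", detection_rate(dets, SELF))
    print("worm-like samples flagged:", detection_rate(dets, WORM_LIKE))
```

Because every detector radius stops `SELF_RADIUS` short of the nearest training sample, no training sample can ever be flagged; false positives arise only for normal traffic that the training set did not cover.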

CLC Number: