Detecting scanning computer worms using machine learning and darkspace network traffic

Date
2017
Authors
Ochieng, Nelson
Ismail, Ateya
Waweru, Mwangi
Orero, Joseph
Journal Title
Journal ISSN
Volume Title
Publisher
Strathmore University
Abstract
The subject of this paper is computer worm detection in a network. Computers worms have been defined as a process that can cause a possibly evolved copy of it to execute on a remote computer. They do not require human intervention to propagate; neither do they need to attach themselves to existing files. Computer worms spread very rapidly and modern worm authors obfuscate their code to make it difficult to detect them. This paper proposes to use machine learning to detect them. The paper deviates from existing approaches in that it uses the darkspace network traffic attributed to an actual worm attack to validate the algorithms. In addition, it attempts to understand the threat model, the feature set and the detection algorithms to explain the best combination of features and why the best algorithms succeeds where others have failed.
Description
The conference aimed at supporting and stimulating active productive research set to strengthen the technical foundations of engineers and scientists in the continent, through developing strong technical foundations and skills, leading to new small to medium enterprises within the African sub-continent. It also seeked to encourage the emergence of functionally skilled technocrats within the continent.
Keywords
Computer worm detection, Malware detection, Machine learning, Darkspace network traffic, behavioral computer worm detection
Citation
Ochieng, N., Ateya, I., Waweru, M., & Orero, J. (2017). Detecting scanning computer worms using machine learning and darkspace network traffic. In Pan African Conference on Science, Computing and Telecommunications (PACT). Nairobi: Strathmore University. Retrieved from https://su-plus.strathmore.edu