Detecting scanning computer worms using machine learning and darkspace network traffic

Ochieng, Nelson; Ismail, Ateya; Waweru, Mwangi; Orero, Joseph

View/Open

Full text (257.5Kb)

Date

2017

Author

Ochieng, Nelson

Ismail, Ateya

Waweru, Mwangi

Orero, Joseph

Metadata

Show full item record

Abstract

The subject of this paper is computer worm detection in a network. Computers worms have been defined as a process that can cause a possibly evolved copy of it to execute on a remote computer. They do not require human intervention to propagate; neither do they need to attach themselves to existing files. Computer worms spread very rapidly and modern worm authors obfuscate their code to make it difficult to detect them. This paper proposes to use machine learning to detect them. The paper deviates from existing approaches in that it uses the darkspace network traffic attributed to an actual worm attack to validate the algorithms. In addition, it attempts to understand the threat model, the feature set and the detection algorithms to explain the best combination of features and why the best algorithms succeeds where others have failed.

URI

http://hdl.handle.net/11071/5182

Collections

Pan African Conference on Science, Computing and Telecommunications (PACT) 2017 [20]