A distributed framework for the detection of new worm-related malware

Boris Rozenberg, Ehud Gudes, Yuval Elovici

Research output: Chapter in Book/Report/Conference proceeding; Conference contribution; peer-reviewed

4 Scopus citations

Abstract

Detection and containment of unknown malware are challenging tasks. In this research we propose a distributed framework for the detection and containment of new worm-related malware. The framework consists of distributed agents installed on several client computers and a Centralized Decision Maker module (CDM) that interacts with the agents. The detection process is performed in two phases. In the first phase, agents detect potential malware on their local machines and send their detection results to the CDM. In the second phase, the CDM builds a propagation graph for every potential malware sample. These propagation graphs are compared with known malware propagation characteristics in order to determine whether the potential malware is indeed malware. All agents are then notified of the final decision so that the containment process can start. The framework was evaluated and the results are promising.
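To make the two-phase split concrete, the following is an added example (not the authors' code, and not the paper's evaluation) of how agent reports can be turned into a per-sample propagation graph and scored against a worm-like profile. The report fields (in particular that an agent can attribute the host a sample arrived from), the characteristics computed from the graph (number of infected hosts, number of infection generations, fan-out, spread time) and the thresholds are all assumptions made for this illustration; the abstract does not specify which propagation characteristics the CDM uses. The sample reports are constructed.

```python
"""Toy model of the two-phase agent / Centralized Decision Maker (CDM) scheme
sketched in the abstract.  Added illustration, not the authors' code: the
report fields, the propagation characteristics and the thresholds are
assumptions made for this example."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class AgentReport:
    """Phase 1 output: an agent flags a potential malware sample on its host.
    `source` is the host the sample arrived from (assumed attributable by the
    agent, e.g. from the peer address of the connection that delivered it)."""
    agent: str
    sample_id: str
    source: str
    ts: float


class CDM:
    """Phase 2: collects reports, builds a propagation graph per sample and
    compares it with an assumed worm profile."""

    def __init__(self, min_hosts=4, min_generations=2, max_spread_seconds=600.0):
        self.min_hosts = min_hosts                # infected agents needed
        self.min_generations = min_generations    # victims must infect further victims
        self.max_spread_seconds = max_spread_seconds
        self.reports = defaultdict(list)          # sample_id -> [AgentReport]
        self.agents = set()                       # every agent that has checked in

    def submit(self, report: AgentReport) -> None:
        self.agents.add(report.agent)
        self.reports[report.sample_id].append(report)

    def propagation_graph(self, sample_id: str) -> dict:
        """Directed graph: source host -> {agents that received the sample from it}."""
        graph = defaultdict(set)
        for r in self.reports[sample_id]:
            graph[r.source].add(r.agent)
            graph.setdefault(r.agent, set())
        return dict(graph)

    @staticmethod
    def _generations(graph: dict) -> int:
        """Longest infection chain; a cycle (host reported as both source and
        victim in a loop) contributes no extra generation."""
        memo = {}

        def depth(node, stack):
            if node in memo:
                return memo[node]
            if node in stack:
                return 0
            stack.add(node)
            d = max((1 + depth(c, stack) for c in graph.get(node, ())), default=0)
            stack.discard(node)
            memo[node] = d
            return d

        return max((depth(n, set()) for n in graph), default=0)

    def characteristics(self, sample_id: str) -> dict:
        reports = self.reports[sample_id]
        graph = self.propagation_graph(sample_id)
        times = [r.ts for r in reports]
        return {
            "hosts": len({r.agent for r in reports}),
            "generations": self._generations(graph),
            "max_fanout": max((len(v) for v in graph.values()), default=0),
            "spread_seconds": (max(times) - min(times)) if times else 0.0,
        }

    def decide(self, sample_id: str):
        """Compare the graph with the assumed worm profile: enough victims,
        victims that propagate further, and fast spread."""
        c = self.characteristics(sample_id)
        is_worm = (
            c["hosts"] >= self.min_hosts
            and c["generations"] >= self.min_generations
            and c["spread_seconds"] <= self.max_spread_seconds
        )
        return is_worm, c

    def notify(self, sample_id: str) -> dict:
        """Final decision pushed to every agent so containment can start."""
        is_worm, _ = self.decide(sample_id)
        return {agent: is_worm for agent in sorted(self.agents)}


def build_demo_cdm() -> CDM:
    """Constructed reports: a self-propagating sample and a plain download."""
    cdm = CDM()
    worm = [("h1", "ext", 0), ("h2", "h1", 10), ("h3", "h1", 12),
            ("h4", "h2", 25), ("h5", "h2", 30), ("h6", "h3", 40)]
    download = [("h7", "web01", 100), ("h8", "web01", 120), ("h9", "web01", 130)]
    for agent, src, ts in worm:
        cdm.submit(AgentReport(agent, "sample-A", src, ts))
    for agent, src, ts in download:
        cdm.submit(AgentReport(agent, "sample-B", src, ts))
    return cdm


if __name__ == "__main__":
    cdm = build_demo_cdm()
    for sid in ("sample-A", "sample-B"):
        print(sid, cdm.decide(sid))
```

The point of the graph step is that a single agent cannot tell a worm from a popular download: both show up as "new executable appeared". Only the CDM sees that in sample-A victims go on to infect further victims (three generations within 40 seconds), whereas in sample-B every host fetched the file from the same server and none passed it on. A real deployment would have to tolerate missing or wrong `source` attribution and agents that never report, which this toy ignores.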

Original language: English
Title of host publication: Intelligence and Security Informatics - First European Conference, EuroISI 2008, Proceedings
Pages: 179-190
Number of pages: 12
DOIs
State: Published - 1 Dec 2008
Event: 1st European Conference on Intelligence and Security Informatics, EuroISI 2008 - Esbjerg, Denmark
Duration: 3 Dec 2008 - 5 Dec 2008

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 5376 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 1st European Conference on Intelligence and Security Informatics, EuroISI 2008
Country/Territory: Denmark
City: Esbjerg
Period: 3/12/08 - 5/12/08

Keywords

  • Collaborative detection
  • Malware detection
  • Malware propagation

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science
