@inproceedings{75a3830d23e94828b5da9b90f10d9b53,
title = "A distributed framework for the detection of new worm-related malware",
abstract = "Detection and containment of unknown malware are challenging tasks. In this research we propose an innovative distributed framework for detection and containment of new worm-related malware. The framework consists of distributed agents that are installed at several client computers and a Centralized Decision Maker module (CDM) that interacts with the agents. The new detection process is performed in two phases. In the first phase agents detect potential malware on local machines and send their detection results to the CDM. In the second phase, the CDM builds a propagation graph for every potential malware. These propagation graphs are compared to known malware propagation characteristics in order to determine whether the potential malware is indeed a malware. All the agents are notified with a final decision in order to start the containment process. The new framework was evaluated and the results are promising.",
keywords = "Collaborative detection, Malware detection, Malware propagation",
author = "Boris Rozenberg and Ehud Gudes and Yuval Elovici",
year = "2008",
month = dec,
day = "1",
doi = "10.1007/978-3-540-89900-6_19",
language = "English",
isbn = "3540898999",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
pages = "179--190",
booktitle = "Intelligence and Security Informatics - First European Conference, EuroISI 2008, Proceedings",
note = "1st European Conference on Intelligence and Security Informatics, EuroISI 2008 ; Conference date: 03-12-2008 Through 05-12-2008",
}