TY - GEN
T1 - Application of artificial neural networks techniques to computer worm detection
AU - Stopel, Dima
AU - Boger, Zvi
AU - Moskovitch, Robert
AU - Shahar, Yuval
AU - Elovici, Yuval
PY - 2006/1/1
Y1 - 2006/1/1
N2 - Detecting computer worms is a highly challenging task. Commonly this task is performed by antivirus software tools that rely on prior explicit knowledge of the worm's code, which is represented by signatures. We present a new approach based on Artificial Neural Networks (ANN) for detecting the presence of computer worms based on the computer's behavioral measures. In order to evaluate the new approach, several computers were infected with seven different worms and more than sixty different parameters of the infected computers were measured. The ANN and two other known classification techniques, Decision Tree and k-Nearest Neighbors, were used to test their ability to classify correctly the presence, and the type, of the computer worms even during heavy user activity on the infected computers. The comparisons between the three approaches suggest that the ANN approach has computational advantages when real-time computation is needed, and has the potential to detect previously unknown worms. In addition, ANN may be used to identify the most relevant, measurable features and thus reduce the feature dimensionality.
AB - Detecting computer worms is a highly challenging task. Commonly this task is performed by antivirus software tools that rely on prior explicit knowledge of the worm's code, which is represented by signatures. We present a new approach based on Artificial Neural Networks (ANN) for detecting the presence of computer worms based on the computer's behavioral measures. In order to evaluate the new approach, several computers were infected with seven different worms and more than sixty different parameters of the infected computers were measured. The ANN and two other known classification techniques, Decision Tree and k-Nearest Neighbors, were used to test their ability to classify correctly the presence, and the type, of the computer worms even during heavy user activity on the infected computers. The comparisons between the three approaches suggest that the ANN approach has computational advantages when real-time computation is needed, and has the potential to detect previously unknown worms. In addition, ANN may be used to identify the most relevant, measurable features and thus reduce the feature dimensionality.
UR - http://www.scopus.com/inward/record.url?scp=40649103203&partnerID=8YFLogxK
U2 - 10.1109/ijcnn.2006.247059
DO - 10.1109/ijcnn.2006.247059
M3 - Conference contribution
AN - SCOPUS:40649103203
SN - 0780394909
SN - 9780780394902
T3 - IEEE International Conference on Neural Networks - Conference Proceedings
SP - 2362
EP - 2369
BT - International Joint Conference on Neural Networks 2006, IJCNN '06
PB - Institute of Electrical and Electronics Engineers
T2 - International Joint Conference on Neural Networks 2006, IJCNN '06
Y2 - 16 July 2006 through 21 July 2006
ER -