A Behavior Approach to Instant Messaging Worm Detection
- DOI
- 10.2991/aiie-15.2015.63
- Keywords
- instant messaging worms; simplified mahalanobis distance; non-parametric cumulative sum (CUSUM) method
- Abstract
In this paper, we present a behavior approach to detecting Instant Messaging (IM) worm attacks. We extract the characteristics of IM worm behavior by analyzing the mechanism of IM worm propagation, and define corresponding characteristic functions whose values distinguish IM worm behavior from normal user behavior. Our approach works in two stages. In the first, the training stage, we learn the means and deviations of the characteristic functions from a profile. In the second, the detection stage, a simplified Mahalanobis distance is used to calculate the similarity of new data to the pre-computed profile. To make the detection mechanism insensitive to site and access pattern, a non-parametric Cumulative Sum (CUSUM) method is applied to this measure and generates an alert when the distance of the new input exceeds the allowable distance set by the algorithm. As a result, IM worms can be detected in a fully automatic and very efficient fashion. The evaluation results show that the detection mechanism has short detection latency and high detection accuracy.
- Copyright
- © 2015, the Authors. Published by Atlantis Press.
- Open Access
- This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).
Cite this article
TY - CONF
AU - W. Guo
AU - L. Wang
AU - H.X. Zhou
PY - 2015/07
DA - 2015/07
TI - A Behavior Approach to Instant Messaging Worm Detection
BT - Proceedings of the 2015 International Conference on Artificial Intelligence and Industrial Engineering
PB - Atlantis Press
SP - 225
EP - 228
SN - 1951-6851
UR - https://doi.org/10.2991/aiie-15.2015.63
DO - 10.2991/aiie-15.2015.63
ID - Guo2015/07
ER -
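The two stages described in the abstract can be sketched as follows. This is an added example, not the authors' code: it assumes the common form of the simplified Mahalanobis distance (sum of per-feature absolute deviations divided by standard deviation plus a smoothing constant) and the usual non-parametric CUSUM recursion. The three per-window features, the sample data, and the `ALPHA`, `drift` and `threshold` values are all constructed for illustration; the paper's actual characteristic functions are not given on this page.

```python
import statistics

ALPHA = 0.001  # assumed smoothing constant; avoids division by zero

# Constructed per-window features for one IM client (hypothetical choice):
# (messages sent, distinct recipients, fraction of messages carrying a URL/file)
NORMAL = [(4, 2, 0.0), (6, 3, 0.2), (5, 2, 0.1), (3, 1, 0.0), (7, 3, 0.2), (5, 2, 0.1)]
STREAM = [(5, 2, 0.1), (9, 4, 0.3), (5, 2, 0.1),       # normal use with one short burst
          (12, 8, 0.6), (14, 10, 0.7), (15, 12, 0.8)]  # sustained fan-out, worm-like

def train(profile_rows):
    """Training stage: per-feature mean and standard deviation of the profile."""
    cols = list(zip(*profile_rows))
    means = [statistics.fmean(c) for c in cols]
    stds = [statistics.pstdev(c) for c in cols]
    return means, stds

def simplified_mahalanobis(x, means, stds, alpha=ALPHA):
    """Detection stage: distance of one window from the trained profile."""
    return sum(abs(xi - m) / (s + alpha) for xi, m, s in zip(x, means, stds))

def cusum_detect(distances, drift, threshold):
    """Non-parametric CUSUM: y_n = max(0, y_{n-1} + d_n - drift).

    drift is chosen above the normal distance level so y_n stays near zero
    for benign traffic. Returns the index of the first window where y_n
    exceeds threshold, or None if no alert is raised.
    """
    y = 0.0
    for n, d in enumerate(distances):
        y = max(0.0, y + d - drift)
        if y > threshold:
            return n
    return None

def first_alert(stream, profile, drift=5.0, threshold=20.0):
    """Train on profile, score each window of stream, run CUSUM over the scores."""
    means, stds = train(profile)
    scores = [simplified_mahalanobis(w, means, stds) for w in stream]
    return cusum_detect(scores, drift, threshold)

if __name__ == "__main__":
    print("first alerting window:", first_alert(STREAM, NORMAL))
```

The isolated burst in window 1 raises the CUSUM statistic only briefly and decays back to zero, while the sustained deviation starting at window 3 accumulates until the alert fires.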