Proceedings of the 2015 International Conference on Artificial Intelligence and Industrial Engineering

A Behavior Approach to Instant Messaging Worm Detection

Authors
W. Guo, L. Wang, H.X. Zhou
Corresponding Author
W. Guo
Available Online July 2015.
DOI
10.2991/aiie-15.2015.63
Keywords
instant messaging worms; simplified Mahalanobis distance; non-parametric cumulative sum (CUSUM) method
Abstract

In this paper, we present a behavior approach to detect Instant Messaging (IM) worm attacks. We extract characteristics of IM worm behaviors by analyzing the mechanism of IM worm propagation, and define corresponding characteristic functions whose values can distinguish IM worm behaviors from normal user behaviors. Our approach works in two stages. In the first, the training stage, we learn the means and deviations of the characteristic functions from a profile. In the second, the detection stage, a simplified Mahalanobis distance is used to calculate the similarity of new data against the pre-computed profile. To make the detection mechanism insensitive to site and access pattern, a non-parametric Cumulative Sum (CUSUM) method is applied to this measure and generates an alert when the distance of the new input exceeds the allowable distance set by the algorithm. As a result, IM worms can be detected in a fully automatic and very efficient fashion. The evaluation results show that the detection mechanism has short detection latency and high detection accuracy.
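The two stages described in the abstract, as an added example that is not the authors' code: it trains per-feature means and deviations, scores each new window with the commonly used simplified Mahalanobis distance (sum of absolute deviations scaled by the standard deviation), and feeds that score to a non-parametric CUSUM. The three features, the smoothing term, the drift and threshold rule, and all sample data are assumptions, since this page does not list the paper's characteristic functions or parameters.

```python
import math

ALPHA = 0.001  # smoothing term so a zero deviation cannot divide by zero (assumed value)

def train(profile):
    """Training stage: per-feature mean and standard deviation from normal-user samples."""
    n, dims = len(profile), len(profile[0])
    means = [sum(row[i] for row in profile) / n for i in range(dims)]
    stds = [math.sqrt(sum((row[i] - means[i]) ** 2 for row in profile) / n) for i in range(dims)]
    return means, stds

def simplified_mahalanobis(x, means, stds):
    """Sum of per-feature absolute deviations, each scaled by that feature's spread."""
    return sum(abs(xi - m) / (s + ALPHA) for xi, m, s in zip(x, means, stds))

def cusum_detect(distances, drift, threshold):
    """Non-parametric CUSUM: y_n = max(0, y_{n-1} + d_n - drift); alert when y_n > threshold.
    Returns the index of the first alerting window, or None."""
    y = 0.0
    for n, d in enumerate(distances):
        y = max(0.0, y + d - drift)
        if y > threshold:
            return n
    return None

# Constructed sample data. Each row is one time window for one IM client:
# (messages sent, distinct recipients, messages carrying a URL or file). Hypothetical features.
NORMAL = [(12, 3, 1), (9, 2, 0), (15, 4, 2), (11, 3, 1),
          (8, 2, 0), (14, 4, 1), (10, 3, 1), (13, 3, 2)]
STREAM = [(11, 3, 1), (30, 4, 1), (10, 2, 0), (13, 3, 2),   # normal use with one chatty burst
          (40, 25, 38), (55, 40, 54), (60, 48, 60)]          # worm-like: mass sends with a link

def run_demo():
    means, stds = train(NORMAL)
    dists = [simplified_mahalanobis(x, means, stds) for x in STREAM]
    # Drift and threshold derived from the training profile (assumed tuning rule).
    base = [simplified_mahalanobis(x, means, stds) for x in NORMAL]
    drift, threshold = 2 * max(base), 5 * max(base)
    return dists, cusum_detect(dists, drift, threshold)

if __name__ == "__main__":
    dists, alert_at = run_demo()
    print([round(d, 1) for d in dists], "alert at window", alert_at)
```

The single chatty window at index 1 scores above the drift but decays before reaching the threshold, while the sustained deviation starting at index 4 triggers the alert.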

Copyright
© 2015, the Authors. Published by Atlantis Press.
Open Access
This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).


Series
Advances in Intelligent Systems Research
Publication Date
July 2015
ISBN
978-94-62520-70-7
ISSN
1951-6851

Cite this article

TY  - CONF
AU  - W. Guo
AU  - L. Wang
AU  - H.X. Zhou
PY  - 2015/07
DA  - 2015/07
TI  - A Behavior Approach to Instant Messaging Worm Detection
BT  - Proceedings of the 2015 International Conference on Artificial Intelligence and Industrial Engineering
PB  - Atlantis Press
SP  - 225
EP  - 228
SN  - 1951-6851
UR  - https://doi.org/10.2991/aiie-15.2015.63
DO  - 10.2991/aiie-15.2015.63
ID  - Guo2015/07
ER  -