CONFERENCE PROCEEDINGS
Advanced Search
Home > Proceedings > Volume 5812 > Article
Paper
28 March 2005 Shai-Hulud: The quest for worm sign
Holger M. Jaenisch, James W. Handley, Jeffery P. Faucheux, Ken Lamkin
Author Affiliations +
Proceedings Volume 5812, Data Mining, Intrusion Detection, Information Assurance, and Data Networks Security 2005; (2005) https://doi.org/10.1117/12.603367
Event: Defense and Security, 2005, Orlando, Florida, United States
Abstract
Successful worm detection at real-time OC-48 and OC-192 speed requires hardware to extract web based binary sequences at faster than these speeds, and software to process the incoming sequences to identify worms. Computer hardware advancement in the form of field programmable gate arrays (FPGAs) makes real-time extraction of these sequences possible. Lacking are mathematical algorithms for worm detection in the real time data sequence, and the ability to convert these algorithms into lookup tables (LUTs) that can be compiled into FPGAs. Data Modeling provides the theory and algorithms for an effective mathematical framework for real-time worm detection and conversion of algorithms into LUTs. Detection methods currently available such as pattern recognition algorithms are limited both by the amount of time to compare the current data sequence with a historical database of potential candidates, and by the inability to accurately classify information that was unseen in the training process. Data Modeling eliminates these limitations by training only on examples of nominal behavior. This results in a highly tuned and fast running equation model that is compiled in a FPGA as a LUT and used at real-time OC-48 and OC-192 speeds to detect worms and other anomalies. This paper provides an overview of our approach for generating these Data Change Models for detecting worms, and their subsequent conversion into LUTs. A proof of concept is given using binary data from a WEBDAV, SLAMMER packet, and RED PROBE attack, with BASIC source code for the detector and LUT provided.
© (2005) COPYRIGHT Society of Photo-Optical Instrumentation Engineers (SPIE). Downloading of the abstract is permitted for personal use only.
Citation Download Citation
Holger M. Jaenisch, James W. Handley, Jeffery P. Faucheux, and Ken Lamkin "Shai-Hulud: The quest for worm sign", Proc. SPIE 5812, Data Mining, Intrusion Detection, Information Assurance, and Data Networks Security 2005, (28 March 2005); https://doi.org/10.1117/12.603367
ACCESS THE FULL ARTICLE
ORGANIZATIONAL
Sign in with credentials provided by your organization.
INSTITUTIONAL
Select your institution to access the SPIE Digital Library.
SELECT YOUR INSTITUTION
PERSONAL
Sign in with your SPIE account to access your personal subscriptions or to use specific features such as save to my library, sign up for alerts, save searches, etc.
PERSONAL SIGN IN
No SPIE Account? Create one
PURCHASE THIS CONTENT
SUBSCRIBE TO DIGITAL LIBRARY
50 downloads per 1-year subscription
Members: $195
Non-members: $335 ADD TO CART
25 downloads per 1 - year subscription
Members: $145
Non-members: $250 ADD TO CART
PURCHASE SINGLE ARTICLE
Includes PDF, HTML & Video, when available
Members: $17.00
Non-members: $21.00 ADD TO CART
PROCEEDINGS
 9 PAGES
DOWNLOAD PAPER SAVE TO MY LIBRARY
GET CITATION
Lens.org Logo
CITATIONS
Cited by 5 scholarly publications and 2 patents.
Advertisement
Advertisement
RIGHTS & PERMISSIONS
Get copyright permission  Get copyright permission on Copyright Marketplace
KEYWORDS
Data modeling
Binary data
Field programmable gate arrays
Data conversion
Detection and tracking algorithms
Algorithms
Sensors
RELATED CONTENT
Subscribe to Digital Library
Receive Erratum Email Alert
Back to Top