Node Behavior Based Fast Malware Detection for Enterprise Networks

Executive Summary

Node behavior profiling is a promising tool in many aspects of network security, especially malware detection. In this paper, building on node behavior profiles proposed in the literature, the authors propose a fast anomaly detection scheme that uses the SPRT (Sequential Probability Ratio Test) for malware/worm detection. The key idea is that, instead of checking most of the nodes in a network, the SPRT lets the detector reach a decision after examining only a small number of sampled nodes. In their initial studies, they evaluate the fast detection scheme on real enterprise data (LBNL traces). The results show that the scheme achieves good performance, with a low false positive rate and a high detection rate.
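To make the sampling idea concrete, the following is an added illustration (not code from the paper) of a Wald SPRT run over per-node anomaly flags: nodes are examined one at a time and the test stops as soon as the accumulated evidence favors "worm present" or "clean", so the number of nodes checked is typically far below the network size. The anomaly rates P0/P1 and the error targets ALPHA/BETA are assumptions; the paper states none of these values.

```python
import math
from typing import Iterable, Optional, Tuple

# Assumed parameters (not from the paper): a node profile is flagged anomalous
# with probability P0 when the network is clean and P1 when a worm is active.
P0, P1 = 0.05, 0.50
ALPHA, BETA = 0.01, 0.01   # target false-positive and false-negative rates


def sprt_thresholds(alpha: float = ALPHA, beta: float = BETA) -> Tuple[float, float]:
    """Wald's stopping bounds on the log-likelihood ratio (LLR)."""
    upper = math.log((1 - beta) / alpha)   # LLR >= upper -> decide "infected"
    lower = math.log(beta / (1 - alpha))   # LLR <= lower -> decide "clean"
    return lower, upper


def sprt_decide(flags: Iterable[bool], p0: float = P0, p1: float = P1,
                alpha: float = ALPHA, beta: float = BETA) -> Tuple[Optional[str], int]:
    """Consume anomaly flags of sampled nodes one at a time.

    Returns (decision, nodes_examined). The decision is None when the
    samples run out before either bound is crossed (keep sampling).
    """
    lower, upper = sprt_thresholds(alpha, beta)
    llr, n = 0.0, 0
    for anomalous in flags:
        n += 1
        # Each observation shifts the LLR by the log of its likelihood ratio.
        llr += math.log(p1 / p0) if anomalous else math.log((1 - p1) / (1 - p0))
        if llr >= upper:
            return "infected", n
        if llr <= lower:
            return "clean", n
    return None, n


if __name__ == "__main__":
    # Constructed flag sequences standing in for profiles of sampled nodes.
    outbreak = [True, False, True, True, True, True]
    quiet = [False] * 40
    print(sprt_decide(outbreak))   # decides "infected" after 4 nodes
    print(sprt_decide(quiet))      # decides "clean" after 8 of 40 nodes
```

With the assumed rates the clean case settles after 8 nodes, whichever way the network size grows; tightening ALPHA or BETA raises the bounds and the samples needed.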

