Catching Instant Messaging Worms With Change-Point Detection Techniques
Source: Peking University
Instant Messaging (IM) systems have gained a lot of popularity in recent years. The increasing number of IM users has lured malware authors to develop more worms and viruses that spread in IM networks. In response to such growing security threat to IM systems, it is imperative to develop a fast and responsive IM worm detection system. In this paper, the authors apply change-point detection techniques to catch two families of IMworms, one aimed at infecting all vulnerable machines as quickly as possible and the other aimed at spreading slowly in a stealthy fashion to evade detection. Experimental results demonstrate that the proposed solutions are very effective in detecting both families of IM worms.