Setting a Worm Attack Warning by Using Machine Learning to Classify NetFlow Data

The authors present a worm warning system that combines the reliability of IP flow records with the effectiveness of machine learning. The system raises an alarm when a node behaves maliciously. Typically, a host infected by a scanning or email worm initiates a large volume of traffic to addresses it never resolved through DNS, because the worm targets numeric IP addresses directly. Based on this observation, they capture and classify NetFlow records to extract features that distinguish worm flows from normal traffic. The features are encapsulated into a set of feature patterns used to train Support Vector Machines (SVM).
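The pipeline sketched in the abstract (NetFlow records in, per-host features out, SVM decides whether to raise the alarm) can be illustrated end to end. The following is an added example and is not the paper's code: it assumes a constructed set of flow records, a constructed log of DNS answers (which IP each client learned, and when) so that "traffic not backed by a DNS lookup" can be measured per host, constructed labelled training vectors, and a linear SVM trained with the Pegasos sub-gradient method in pure Python rather than any library the authors used. The feature names `f0`, `f1`, `f2` and the helper names are hypothetical.

```python
"""Worm-warning features from NetFlow-style records, classified by a linear SVM.

Added example; not the paper's code. It assumes two constructed inputs:
  flow records : (ts, src_ip, dst_ip, dst_port, proto, packets)
  DNS answers  : (ts, client_ip, resolved_ip)   # which IPs a host learned via DNS
The abstract's observation is that an infected host opens many flows to
addresses it never resolved through DNS; the features below encode that.
"""
from collections import defaultdict

# --- constructed sample records (not taken from the paper) -------------------
DNS_ANSWERS = [
    (1, "10.0.0.5", "93.184.216.34"),
    (2, "10.0.0.5", "151.101.1.69"),
    (3, "10.0.0.7", "93.184.216.34"),
]
FLOWS = [
    (4, "10.0.0.5", "93.184.216.34", 443, "tcp", 30),
    (5, "10.0.0.5", "151.101.1.69", 443, "tcp", 22),
    (6, "10.0.0.5", "93.184.216.34", 443, "tcp", 12),
    (7, "10.0.0.7", "93.184.216.34", 80, "tcp", 18),
    (8, "10.0.0.7", "93.184.216.34", 80, "tcp", 9),
] + [
    # 10.0.0.9 sweeps a /24 on one port with one-packet flows and no DNS lookups
    (10 + i, "10.0.0.9", f"192.0.2.{i}", 445, "tcp", 1) for i in range(20)
]


def extract_features(flows, dns_answers):
    """Return {src_host: (f0, f1, f2)} with every feature in [0, 1].

    f0  fraction of flows whose destination the host had not resolved via DNS
        before the flow started
    f1  distinct destinations / total flows (how spread out the traffic is)
    f2  fraction of single-packet flows (typical of scanning)
    """
    events = [(ts, 0, host, ip) for ts, host, ip in dns_answers]
    events += [(ts, 1, src, dst, pkts) for ts, src, dst, _port, _proto, pkts in flows]
    events.sort(key=lambda e: (e[0], e[1]))  # DNS answers sort before flows at the same ts

    resolved = defaultdict(set)
    stats = defaultdict(lambda: {"flows": 0, "no_dns": 0, "dsts": set(), "single": 0})
    for ev in events:
        if ev[1] == 0:                      # DNS answer: remember what the host learned
            _, _, host, ip = ev
            resolved[host].add(ip)
            continue
        _, _, src, dst, pkts = ev           # flow record
        s = stats[src]
        s["flows"] += 1
        s["no_dns"] += int(dst not in resolved[src])
        s["dsts"].add(dst)
        s["single"] += int(pkts == 1)

    return {
        host: (s["no_dns"] / s["flows"], len(s["dsts"]) / s["flows"], s["single"] / s["flows"])
        for host, s in stats.items()
    }


# Constructed labelled feature vectors for training: +1 worm-like host, -1 benign.
TRAINING = [
    ((0.00, 0.30, 0.00), -1), ((0.10, 0.50, 0.10), -1), ((0.20, 0.40, 0.05), -1),
    ((0.05, 0.60, 0.00), -1), ((0.15, 0.35, 0.20), -1),
    ((1.00, 1.00, 1.00), +1), ((0.90, 0.95, 0.90), +1), ((0.95, 0.80, 1.00), +1),
    ((0.85, 1.00, 0.80), +1), ((1.00, 0.90, 0.95), +1),
]


def train_linear_svm(samples, lam=0.01, epochs=500):
    """Linear SVM via Pegasos sub-gradient descent on the hinge loss.
    Pure Python (no scikit-learn). Returns the model as (w, b)."""
    dim = len(samples[0][0])
    w, b, t = [0.0] * dim, 0.0, 0
    for _ in range(epochs):
        for x, y in samples:
            t += 1
            eta = 1.0 / (lam * t)
            margin = y * (sum(wi * xi for wi, xi in zip(w, x)) + b)
            w = [(1 - eta * lam) * wi for wi in w]          # regularisation shrink
            if margin < 1:                                   # hinge-loss violation
                w = [wi + eta * y * xi for wi, xi in zip(w, x)]
                b += eta * y
    return w, b


def predict(model, x):
    w, b = model
    return 1 if sum(wi * xi for wi, xi in zip(w, x)) + b >= 0 else -1


def worm_warning(flows, dns_answers, model):
    """Map each source host to 'worm' or 'benign' (the alarm decision)."""
    return {host: ("worm" if predict(model, f) == 1 else "benign")
            for host, f in extract_features(flows, dns_answers).items()}


if __name__ == "__main__":
    model = train_linear_svm(TRAINING)
    for host, label in sorted(worm_warning(FLOWS, DNS_ANSWERS, model).items()):
        print(host, label)
```

In the constructed data the sweeping host 10.0.0.9 scores (1.0, 1.0, 1.0) and is flagged, while the two hosts whose destinations were all learned through DNS stay benign. The DNS feature only works if the collector sees the clients' DNS answers (or the resolver's logs) alongside the NetFlow export; hosts using hard-coded addresses legitimately, such as monitoring agents or update mirrors pinned by IP, will score high on f0 and need an allow-list or the other features to avoid false alarms.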

Provided by: International Journal of Computer Applications
Topic: Security
Date Added: Dec 2011
Format: PDF