Predicting the Presence of Internet Worms using Novelty Detection
E. Marais, T. Marwala

TL;DR
This paper presents a novel autoencoder-based anomaly detection method using routing data to identify the presence of internet worms, enabling timely countermeasures against widespread cyber threats.
Contribution
It introduces a new approach employing autoencoders on routing information from individual routers to detect worm-induced anomalies.
Findings
Successfully detects global and localized routing instabilities caused by worms.
Uses data from a single router for anomaly detection.
Demonstrates potential for real-time worm detection.
Abstract
Internet worms cause billions of dollars in damage yearly, affecting millions of users worldwide. For countermeasures to be deployed timeously, it is necessary to use an automated system to detect the spread of a worm. This paper discusses a method of determining the presence of a worm, based on routing information currently available from Internet routers. An autoencoder, which is a specialized type of neural network, was used to detect anomalies in normal routing behavior. The autoencoder was trained using information from a single router, and was able to detect both global instability caused by worms as well as localized routing instability.
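The abstract's idea (train an autoencoder on one router's normal routing behaviour, then flag intervals it reconstructs poorly) is sketched below as an added example; it is not the paper's code. The three per-interval features, the constructed training data, the single-hidden-unit linear autoencoder with tied weights, and the threshold rule are all assumptions made for illustration.

```python
import random

def dot(a, b):
    return sum(p * q for p, q in zip(a, b))

def normal_intervals(n, rng):
    # Constructed data: per-interval [announcements, withdrawals, distinct prefixes]
    # seen by one router, scaled to roughly [0, 1]. The feature choice is an assumption.
    rows = []
    for _ in range(n):
        load = rng.uniform(0.2, 1.0)
        rows.append([load * k + rng.gauss(0, 0.02) for k in (0.9, 0.3, 0.6)])
    return rows

def recon_error(w, x):
    # Encode to one hidden unit (h = w.x), decode with the same weights (tied).
    h = dot(w, x)
    return sum((xi - wi * h) ** 2 for wi, xi in zip(w, x))

def train(rows, epochs=50, lr=0.05):
    w = [0.5, 0.5, 0.5]
    for _ in range(epochs):
        for x in rows:
            h = dot(w, x)
            r = [xi - wi * h for wi, xi in zip(w, x)]  # reconstruction residual
            wr = dot(w, r)
            # Stochastic gradient step on ||x - w(w.x)||^2 with respect to w.
            w = [wi + 2 * lr * (ri * h + wr * xi) for wi, ri, xi in zip(w, r, x)]
    return w

def fit_detector(seed=7):
    rng = random.Random(seed)
    rows = normal_intervals(300, rng)
    w = train(rows)
    # Novelty threshold (assumed rule): three times the worst error on normal data.
    threshold = 3 * max(recon_error(w, x) for x in rows)
    return w, threshold

def is_novel(w, threshold, x):
    return recon_error(w, x) > threshold

if __name__ == "__main__":
    w, threshold = fit_detector()
    samples = {"quiet": [0.45, 0.15, 0.30],         # constructed, on the normal pattern
               "localized": [0.45, 0.45, 0.30],     # constructed, modest withdrawal excess
               "global surge": [0.90, 1.50, 0.60]}  # constructed, large withdrawal spike
    for name, x in samples.items():
        print(name, round(recon_error(w, x), 4), is_novel(w, threshold, x))
```

The detector only ever sees normal intervals during training, so anything that breaks the learned proportion between the features is flagged, whether the deviation is large or modest.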
Taxonomy
Topics: Network Security and Intrusion Detection · Spam and Phishing Detection · Advanced Malware Detection Techniques
