Abstract
Computer worms are very active, and new, sophisticated versions continuously appear. Signature-based detection methods work with a low false-positive rate, but they require prior knowledge about the threat. Anomaly-based intrusion detection methods are able to detect new and unknown threats, but they need meaningful information to produce correct results. We propose an anomaly-based intrusion detection mechanism for the cloud which directly profits from virtualization technologies in general. Our proposed anomaly detection system is isolated from spreading computer worm infections, and it is able to detect unknown and newly appearing computer worms. Using our approach, a spreading computer worm can be detected from its spreading behavior itself, without accessing or directly influencing the running virtual machines of the cloud.
© 2012 Springer-Verlag Berlin Heidelberg
Cite this paper
Biedermann, S., Katzenbeisser, S. (2012). Detecting Computer Worms in the Cloud. In: Camenisch, J., Kesdogan, D. (eds) Open Problems in Network Security. iNetSec 2011. Lecture Notes in Computer Science, vol 7039. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-27585-2_4
DOI: https://doi.org/10.1007/978-3-642-27585-2_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-27584-5
Online ISBN: 978-3-642-27585-2
eBook Packages: Computer Science, Computer Science (R0)