Publication
CCS 2008
Conference paper
A data mining approach for analysis of worm activity through automatic signature generation
Abstract
This paper proposes a novel framework to automatically discover and analyze traffic generated by computer worms and other anomalous behaviors that interact with a non-solicited traffic monitoring system. Network packets are analyzed by an Intrusion Detection System (IDS), and new signatures are generated clustering those which remain unknown for the IDS. Furthermore, the framework provides a mechanism to cluster the alarms produced by the IDS producing a correlated vision of the traffic observed. Both the automatic signature generation and the alarm clusters are accomplished using data mining techniques. © 2009 IEEE.