SYN Scanning Worm Detection

Fast Detection of Scanning Worm Infections

Worm detection and response systems must act quickly to identify and quarantine scanning worms, as when left unchecked such worms have been able to infect the majority of vulnerable hosts on the Internet in a matter of minutes [9]. We present a hybrid approach to detecting scanning worms that integrates significant improvements we have made to two existing techniques: sequential hypothesis test...

Syn-flooding Attack Detection Mechanism

Denial of Service (DoS) is a security threat which compromises the confidentiality of information stored in Local Area Networks (LANs) due to unauthorized access by spoofed IP addresses. SYN Flooding is a type of DoS which is harmful to network as the flooding of packets may delay other users from accessing the server and in severe cases, the server may need to be shut down, wasting valuable re...

Enhanced TCP SYN Attack Detection

In this paper, we analyze the stateless SYNSYN&ACK and SYN-FIN/RST detection mechanisms for TCP SYN attacks. We indicate the inherent vulnerability of the SYN-FIN/RST detection mechanism caused by the computation of the RST packet counts. We indicate why SYNSYN&ACK is a more efficient and reliable detection mechanism than SYN-FIN/RST. We come up with ‘Bot Buddies’ for TCP SYN attacks and explai...

Behavior - Based Worm Detection

Intelligent System for Worm Detection

Worms are on the top of malware threats attacking computer system although of the evolution of worms detection techniques. Early detection of unknown worms is still a problem. This paper produce a method for detecting unknown worms based on local victim information. The proposed system uses Artificial Neural Network (ANN) for classifying worm/ nonworm traffic and predicting the percentage of in...