Spectral Graph-based Cyber Worm Detection Using Phantom Components and Strong Node Concept
Loading...
Authors
Safar, Jamie L.
Tummala, Murali
McEachen, John C.
Subjects
Cyber Systems: Their Science, Engineering, and Security
anomaly detection
phantom components
spectral graph theory
strong node concept
worm
anomaly detection
phantom components
spectral graph theory
strong node concept
worm
Advisors
Date of Issue
2021-01-05
Date
2021
Publisher
HICSS
Language
Abstract
Innovative solutions need to be developed to defend against the continued threat of computer worms. We propose the spectral graph theory worm detection model that utilizes traffic dispersion graphs, the strong node concept, and phantom components to create detection thresholds in the eigenspectrum of the dual basis. This detection method is employed in our proposed model to quickly and accurately detect worm attacks with different attack characteristics. It also intrinsically identifies infected nodes, potential victims, and estimates the worm scan rate. We test our model against the worm-free NPS2013 dataset, a modeled Blaster worm, and the WannaCry CTU-Malware-Capture-Botnet-284-1 and CTU-Malware-Capture-Botnet-285-1 datasets. Our results show that the spectral graph theory worm detection model has better performance rates compared to other models reviewed in literature.
Type
Conference Paper
Description
17 USC 105 interim-entered record; under temporary embargo.
Series/Report No
Organization
Identifiers
NPS Report Number
Sponsors
Funder
U.S. Government affiliation is unstated in article text.
Format
9 p.
Citation
Safar, Jamie, Murali Tummala, and John McEachen. "Spectral Graph-based Cyber Worm Detection Using Phantom Components and Strong Node Concept." Proceedings of the 54th Hawaii International Conference on System Sciences. 2021.