A distributed framework for the detection of new worm-related malware

Abstract

Detection and containment of unknown malware are challenging tasks. In this research we propose an innovative distributed framework for detection and containment of new worm-related malware. The framework consists of distributed agents that are installed at several client computers and a Centralized Decision Maker module (CDM) that interacts with the agents. The new detection process is performed in two phases. In the first phase, agents detect potential malware on local machines and send their detection results to the CDM. In the second phase, the CDM builds a propagation graph for every potential malware. These propagation graphs are compared to known malware propagation characteristics in order to determine whether the potential malware is indeed malware. All the agents are notified of the final decision in order to start the containment process. The new framework was evaluated and the results are promising. © 2008 Springer Berlin Heidelberg.

Cite

Rozenberg, B., Gudes, E., & Elovici, Y. (2008). A distributed framework for the detection of new worm-related malware. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 5376 LNCS, pp. 179–190). https://doi.org/10.1007/978-3-540-89900-6_19
