Authors: Jason C. Hung, Chun-Chia Wang, Lun-Ping Hung, Anthony Y. Chang, Yi-Chun Liao
Addresses: Department of Information Management, Kuang Wu Institute of Technology, 151I Der Street, Peitou, Taipei, 112 Taiwan, ROC. ' Department of Information Management, Kuang Wu Institute of Technology, 151I Der Street, Peitou, Taipei, 112 Taiwan, ROC. ' Department of Information Management, Kuang Wu Institute of Technology, 151I Der Street, Peitou, Taipei, 112 Taiwan, ROC. ' Department of Information Management, The Overseas Chinese Institute of Technology, No. 100, Chiao Kuang Rd., Taichung 407, Taiwan, ROC. ' Department of Computer Science and Information Engineering, Tamkang University, Tamsui, Taipei Hsien, 251 Taiwan, ROC
Abstract: In this paper, we proposed a behaviour-based intrusion detection and response system for the internet worm. The LAWS (Lambent Anti-Worm System) can detect the intruded services and influenced range automatically. Besides, it also can analyse the key information of the intrusion. The worm can attack a large number of computers via a network in a very short period, especially distributed damage via the network services. Those worms always enter or attack computers by the backdoor or under-channel. There is no effective solution to prevent the damage caused by worms. We can stop the worm|s distribution and intrusion in advance according to the information from LAWS. In addition to detecting and preventing the distribution of well-known malicious worms, the LAWS can also defend against the future unknown, or new malicious worms. Mobile agents will help the LAWS to form a cooperated defence system (CDS) for other LAWS|s users over the internet. The contribution of our system is to decrease the response time of attack and reduce the damaged range. At the same time, it also diminishes the damage and decreases the fixed cost.
Keywords: lambent anti-worm system; LAWS; mobile agent; malicious worm; intrusion detection system; IDS; cooperated defence system; CDS; internet.
International Journal of Wireless and Mobile Computing, 2005 Vol.1 No.1, pp.70 - 77
Available online: 10 Nov 2005 *Full-text access for editors Access for subscribers Purchase this article Comment on this article