A multi-level security based autonomic parameter selection approach for an effective and early detection of internet worms

Kumar Simkhada, Tarik Taleb, Yuji Waizumi, Abbas Jamalipour, Kazuo Hashimoto, Nei Kato, Yoshiaki Nemoto

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Citations (Scopus)

Abstract

In light of the fast propagation of recent Internet worms, human intervention in securing the Internet during worm outbreaks is of little significance. In order to reduce the damage worms may cause, existing Intrusion Detection Systems (IDSs) need to be adaptive to the security-related requirements of their monitoring networks. This paper presents a Multilevel security based Autonomic Parameter Selector (MAPS) that can be implemented over any existing IDSs. The deployment architecture consists of a number of hierarchically placed local security managers, metropolitan security managers, and a global security manager. These security managers report events to a Worm Advisory System (WAS). WAS accordingly sets the threat level of the network. Based on this level, MAPS selects the most optimum parameters for the entire IDS to combat against the propagating worm. The MAPS architecture maintains the system performance by constantly evaluating three metrics, namely False Negative Avoidance, False Positive Avoidance, and Performance Overhead. Extensive experiments, using real network traffic and a recently proposed worm detection system, demonstrate that MAPS is capable of advising an IDS with optimum parameter values to effectively and promptly hinder further propagation of worms.

Original languageEnglish
Title of host publicationGLOBECOM - IEEE Global Telecommunications Conference
DOIs
Publication statusPublished - 2006
Externally publishedYes
EventIEEE GLOBECOM 2006 - 2006 Global Telecommunications Conference - San Francisco, CA
Duration: 2006 Nov 272006 Dec 1

Other

OtherIEEE GLOBECOM 2006 - 2006 Global Telecommunications Conference
CitySan Francisco, CA
Period06/11/2706/12/1

    Fingerprint

ASJC Scopus subject areas

  • Engineering(all)

Cite this

Simkhada, K., Taleb, T., Waizumi, Y., Jamalipour, A., Hashimoto, K., Kato, N., & Nemoto, Y. (2006). A multi-level security based autonomic parameter selection approach for an effective and early detection of internet worms. In GLOBECOM - IEEE Global Telecommunications Conference [4150932] https://doi.org/10.1109/GLOCOM.2006.302