A Novel Approach to Worm Detection Systems

Abstract

Computer worms are a type of malicious malware that prey on networked machines. A number of different detection mechanisms have been presented in the literature to detect worms. However, a common drawback of these mechanisms is that any failure to detect the worms results in damaging the real machines. This study proposes a new approach to detection that goes beyond the currently available signature and behavior-based approaches. In contrast to the traditional worm detection system (𝑊𝐷𝑆) that use signature and behavior-based approaches, our proposed approach is based on detection by the damage caused by worms on dummy machines rather than the real machines. The proposed 𝑊𝐷𝑆 adds additional security as compared to the currently used systems by allowing worms to conduct their normal behavior in a dummy host, thus protecting the rest of the network from damage. The proposed 𝑊𝐷𝑆 was designed within a network setting and was capable of sending and receiving files and messages between hosts as part of the overall detection mechanism.