AN INTELLIGENT SYSTEM FOR TRACKING NETWORK ATTACKS

Abstract

One of the most powerful weapons for attackers is the Internet worm. Specifically, the worm attacks vulnerable computer systems and employs self­ propagating methods to spread on the Internet rapidly. Since "Worm Viruses" is self­ propagated through the connected network, it doesn't need human interaction or file transmission to replicate itself. It spreads itself in minutes. In 2003, Slammer worm infected about 75,000 nodes through the internet in about 10 minutes. Since most of the antivirus programs detect viruses based on their signature, this approach can't detect new viruses or worms till being updated with their signature, which can't be known unless some systems had already been infected. These highlight the importance of the work in this thesis.

Our model is developed to detect unknown worm viruses by detecting its behavior in the network. Also, the model produce prediction to the infection percentage in the network.

The first contribution of this thesis is that a new model for detecting unknown worm viruses based on the collected information from local victim is implemented. This model uses Artificial Neural Network (ANN) to classify normal traffic from worm traffic in the network. This model can detect worms with accuracy of99.96%.

The second contribution of this thesis is the high prediction rate for the developed model in both small and large size network. In addition, this model has the ability of early worm detection effectively. The early detection is important in containment the worm propagation.