The quest for multi-headed worms

Van Hau Pham, Marc Dacier, Guillaume Urvoy-Keller, Taoufik En-Najjary

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Citation (Scopus)

Abstract

In [6], Pouget et al. have conjectured the existence of so-called multi-headed worms and found a couple of them on attack traces collected on a single honeypot. These worms take advantage of several distinct attack techniques to propagate but they use only one of them against a given target. From a victim's viewpoint, they are therefore indistinguishable from the other classical worms that always propagate using the same attack vector or same sequence of attack vectors. This paper aims at confirming the existence of these worms by studying a very large dataset. The validation process led to three important contributions. First, we establish the existence and assess the importance of three distinct classes of attacks seen in the wild. Second, we propose a new method to correlate attack traces time series and apply it to search for multi-headed worms. Third, we offer and discuss results of the analysis of 15 months of data gathered over 28 different platforms located all over the world.

Original language: English
Title of host publication: Detection of Intrusions and Malware, and Vulnerability Assessment - 5th International Conference, DIMVA 2008, Proceedings
Pages: 247-266
Number of pages: 20
Publication status: Published - 27 Aug 2008
Event: 5th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2008 - Paris, France
Duration: 10 Jul 2008 to 11 Jul 2008

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 5137 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 5th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2008
Country: France
City: Paris
Period: 10/7/08 to 11/7/08


ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

Cite this

Pham, V. H., Dacier, M., Urvoy-Keller, G., & En-Najjary, T. (2008). The quest for multi-headed worms. In Detection of Intrusions and Malware, and Vulnerability Assessment - 5th International Conference, DIMVA 2008, Proceedings (pp. 247-266). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 5137 LNCS). https://doi.org/10.1007/978-3-540-70542-0_13