Modelling And Detection Of Camouflaging Worm
In a system, worms are viruses that replicate on their own and reside in active memory but do not alter
the files of a computer. Worms use the parts of the operating system that are automatic and usually invisible to users.
Generally, worms come to notice when the system becomes unreasonably slow due to their uncontrolled replication. We
investigate a new class of active worms, known as the Camouflaging Worm (C-Worm for short). The C-Worm differs from
traditional worms because it can intelligently manipulate its scan traffic volume over time. The C-Worm observes
normal worms that are under scan and develops a capability to hide itself from scanning. Previous
detection technologies were based on analyzing the worm traffic generated. In contrast, our project scans for them in the
frequency domain, where we compare normal traffic with C-Worm infected traffic. In the time domain it was hard to
distinguish between the two kinds of traffic (normal scan traffic and C-Worm infected traffic). Because of the manipulative
nature of the worm, we use SFM (Spectral Flatness Measure) and PSD (Power Spectral Density). SFM distinguishes between
background traffic and C-Worm traffic. In PSD we give a threshold to the CPU, and no application can have CPU usage
larger than this threshold.
Keywords— Camouflage, Worms.
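
The frequency-domain comparison described in the abstract can be sketched as follows. This is an added example, not code from the paper: it estimates the PSD with a plain periodogram and computes SFM as the ratio of the geometric mean to the arithmetic mean of the PSD bins, so a narrow-band spectrum scores near 0 and a flat one scores much higher. The two scan-count series, the function names and the 0.1 threshold are constructed assumptions for illustration.

```python
import cmath
import math
import random


def psd(series):
    """Periodogram of the mean-removed series, positive-frequency bins only."""
    n = len(series)
    mean = sum(series) / n
    x = [v - mean for v in series]
    bins = []
    for k in range(1, n // 2):
        s = sum(x[t] * cmath.exp(-2j * math.pi * k * t / n) for t in range(n))
        bins.append(abs(s) ** 2 / n)
    return bins


def sfm(power, floor=1e-12):
    """Spectral Flatness Measure: geometric mean / arithmetic mean of the PSD."""
    am = sum(power) / len(power)
    if am <= floor:
        raise ValueError("series has no spectral content")
    # The floor keeps log() defined if a bin happens to be exactly zero.
    log_gm = sum(math.log(max(p, floor)) for p in power) / len(power)
    return math.exp(log_gm) / am


def make_samples(n=128, seed=7):
    """Constructed per-interval scan counts (not measured data)."""
    rng = random.Random(seed)
    # Background: noise-like fluctuation around a steady level.
    background = [100 + rng.gauss(0, 10) for _ in range(n)]
    # Assumed camouflaged pattern: volume rises and falls on a slow cycle.
    camouflaged = [100 + 40 * math.sin(2 * math.pi * 4 * t / n) + rng.gauss(0, 2)
                   for t in range(n)]
    return background, camouflaged


def classify(series, threshold=0.1):
    """Label a series by its SFM; the threshold is an illustrative assumption."""
    value = sfm(psd(series))
    return ("narrow-band" if value < threshold else "flat"), value


if __name__ == "__main__":
    for name, s in zip(("background", "camouflaged"), make_samples()):
        print(name, classify(s))
```

In the time domain both constructed series hover around the same mean of 100 counts per interval; the separation only appears once the power is spread across frequency bins.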