Spectral Graph-based Cyber Worm Detection Using Phantom Components and Strong Node Concept

Date
2021-01-05
Authors
Safar, Jamie
Tummala, Murali
Mceachen, John
Abstract
Innovative solutions need to be developed to defend against the continued threat of computer worms. We propose the spectral graph theory worm detection model that utilizes traffic dispersion graphs, the strong node concept, and phantom components to create detection thresholds in the eigenspectrum of the dual basis. This detection method is employed in our proposed model to quickly and accurately detect worm attacks with different attack characteristics. It also intrinsically identifies infected nodes and potential victims, and estimates the worm scan rate. We test our model against the worm-free NPS2013 dataset, a modeled Blaster worm, and the WannaCry CTU-Malware-Capture-Botnet-284-1 and CTU-Malware-Capture-Botnet-285-1 datasets. Our results show that the spectral graph theory worm detection model has better performance rates compared to other models reviewed in the literature.
Keywords
Cyber Systems: Their Science, Engineering, and Security, anomaly detection, phantom components, spectral graph theory, strong node concept, worm