%0 Journal Article
%A Dima Stopel and Zvi Boger and Robert Moskovitch and Yuval Shahar and Yuval Elovici
%D 2008
%J International Journal of Computer, Electrical, Automation, Control and Information Engineering
%B World Academy of Science, Engineering and Technology
%I International Science Index 21, 2008
%T Improving Worm Detection with Artificial Neural Networks through Feature Selection and Temporal Analysis Techniques
%V 21
%X Computer worm detection is commonly performed by
antivirus software tools that rely on prior explicit knowledge of the
worm's code (detection based on code signatures). We present an
approach for detection of the presence of computer worms based on
Artificial Neural Networks (ANN) using the computer's behavioral
measures. Identification of significant features, which describe the
activity of a worm within a host, is commonly acquired from security
experts. We suggest acquiring these features by applying feature
selection methods. We compare three different feature selection
techniques for the dimensionality reduction and identification of the
most prominent features to capture efficiently the computer behavior
in the context of worm activity. Additionally, we explore three
different temporal representation techniques for the most prominent
features. In order to evaluate the different techniques, several
computers were infected with five different worms and 323 different
features of the infected computers were measured. We evaluated
each technique by preprocessing the dataset according to each one
and training the ANN model with the preprocessed data. We then
evaluated the ability of the model to detect the presence of a new
computer worm, in particular, during heavy user activity on the
infected computers.
%P 3185 - 3191