Abstract:
Computer worms found in networked systems present a serious threat to the networked computing community, and the need for more reliable and efficient worm-containment systems continues to grow. Several worm-containment systems have been developed by different authors, each with its own weaknesses. Vigilante is a host-based Intrusion Detection System (IDS) that detects worms by instrumenting vulnerable programs to analyse infection attempts. The objective of this research is to develop a Vigilante system for worm containment in a network that improves system performance and enhances intrusion detection. In this research a Vigilante system that generates Self-Certifying Alerts (SCAs) was developed using a Markov Chain algorithm. The algorithm is formulated such that, upon detection, a host generates a Self-Certifying Alert that can be verified by any vulnerable host. Hosts receiving an SCA protect themselves by generating filters that block the worm attack. The algorithm was implemented in a Windows Vista environment using the Visual Basic.Net programming language. Experimental results on different worms in the selected network demonstrate the system's ability to successfully detect and contain worms introduced into the network. A comparison of the results with those of some other algorithms shows good performance on the part of the proposed worm detection and containment system.
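The detect, alert, verify, filter cycle the abstract describes can be illustrated with a small simulation. This is an added example, not the paper's implementation or the original Vigilante code: the vulnerable "program", the SCA layout, the vulnerability identifier and the filter rule are all assumptions chosen for illustration.

```python
"""Toy model of the Vigilante flow: a host detects an infection attempt, emits a
Self-Certifying Alert (SCA), a receiving host verifies it by replaying the trigger
against its own copy of the program, and only then installs a filter.
Everything here (program, SCA fields, filter rule) is an assumption for illustration."""
from dataclasses import dataclass
from typing import Callable, Optional

MAX_FIELD = 64                  # assumed buffer size of the vulnerable program
VULN_ID = "toy-service-field-overrun"   # assumed vulnerability identifier

def vulnerable_program(message: bytes) -> bool:
    """Models a service with a fixed-size first field. Returns True when the input
    would overrun that field, the condition an instrumented host would flag."""
    field = message.split(b"\n", 1)[0]
    return len(field) > MAX_FIELD

@dataclass(frozen=True)
class SCA:
    vuln_id: str     # which vulnerable program the alert concerns
    trigger: bytes   # the exact input that exercised the flaw

def detect_and_alert(message: bytes) -> Optional[SCA]:
    """Detecting host: run the instrumented program; emit an SCA on an attempt."""
    return SCA(VULN_ID, message) if vulnerable_program(message) else None

def verify_sca(sca: SCA) -> bool:
    """Receiving host: trust nothing in the alert itself. Replay the trigger against
    the local copy of the program and accept only if the flaw reproduces."""
    if sca.vuln_id != VULN_ID:
        return False
    return vulnerable_program(sca.trigger)

def make_filter(sca: SCA) -> Callable[[bytes], bool]:
    """Derive a host-local filter from a verified SCA. Crude rule: drop any message
    whose first field is at least as long as the one in the trigger."""
    limit = len(sca.trigger.split(b"\n", 1)[0])
    return lambda msg: len(msg.split(b"\n", 1)[0]) >= limit

def handle_alert(sca: SCA) -> Optional[Callable[[bytes], bool]]:
    """Full receiving-side path: a filter is installed only for a verified SCA."""
    return make_filter(sca) if verify_sca(sca) else None

# Constructed sample traffic (not captured from any real worm)
ATTACK = b"A" * 200 + b"\nrest"
BENIGN = b"GET index\n"
FORGED = SCA(VULN_ID, BENIGN)   # an alert whose trigger does not reproduce the flaw
```

A forged or stale alert yields no filter because verification replays it locally, which is the property that lets untrusted hosts share SCAs.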