ANALISA PENDETEKSIAN WORM dan TROJAN PADA JARINGAN INTERNET UNIVERSITAS SEMARANG MENGGUNAKAN METODE KALSIFIKASI PADA DATA MINING C45 dan BAYESIAN NETWORK

<p>Worm attacks become a dangerous threat and cause damage in the Internet network. If the Internet network worms and trojan attacks the very disruption of traffic data as well as create bandwidth capacity has increased and wasted making the Internet connection is slow. Detecting worms and trojan on the Internet network, especially new variants of worms and trojans and worms and trojans hidden is still a challenging problem. Worm and trojan attacks generally occur in computer networks or the Internet which has a low level of security and vulnerable to infection. The detection and analysis of the worm and trojan attacks in the Internet network can be done by looking at the anomalies in Internet traffic and internet protocol addresses are accessed.<br />This research used experimental research applying C4.5 and Bayesian Network methods to accurately classify anomalies in network traffic internet. Analysis of classification is applied to an internet address, internet protocol and internet bandwidth that allegedly attacked and trojan worm attacks.<br />The results of this research is a result of analysis and classification of internet addresses, internet protocol and internet bandwidth to get the attack worms and trojans.</p>

SMART WORMS DEFENSE AND DETECTION

There are several worm attacks in the recent years, this leads to an essentiality of producing new detection technique for worm attacks. In this paper we present a spectrum based smart worm detection scheme, this is based on the idea of detection of worm in the frequency domain. This scheme uses the power spectral density of the scan traffic volume and its corresponding flatness measure to distinguish the smart worm traffic from background traffic. This scheme showed better results against the smart worms and also for the c-worm detection.

Network Intrusion Detection and Prevention Systems on Flooding and Worm Attacks

The Internet has transformed greatly the improved way of business, this vast network and its associated technologies have opened the doors to an increasing number of security threats which are dangerous to networks. The first part of this chapter presents a new dimension of denial of service attacks called TCP SYN Flood attack has been witnessed for severity of damage and second part on worms which is the major threat to the internet. The TCP SYN Flood attack by means of anomaly detection and traces back the real source of the attack using Modified Efficient Packet Marking algorithm (EPM). The mechanism for detecting the smart natured camouflaging worms which is sensed by means of a technique called Modified Controlled Packet Transmission (MCPT) technique. Finally the network which is affected by these types of worms are detected and recovered by means of Modified Centralized Worm Detector (MCWD) mechanism. The Network Intrusion Detection and Prevention Systems (NIDPS) on Flooding and Worm Attacks were analyzed and presented.

Distributed Software-Attestation Defense against Sensor Worm Propagation

Wireless sensor networks are vulnerable to sensor worm attacks in which the attacker compromises a few nodes and makes these compromised nodes initiate worm spread over the network, targeting the worm infection of the whole nodes in the network. Several defense mechanisms have been proposed to prevent worm propagation in wireless sensor networks. Although these proposed schemes use software diversity technique for worm propagation prevention under the belief that different software versions do not have common vulnerability, they have fundamental drawback in which it is difficult to realize the aforementioned belief in sensor motes. To resolve this problem, we propose on-demand software-attestation based scheme to defend against worm propagation in sensor network. The main idea of our proposed scheme is to perform software attestations against sensor nodes in on-demand manner and detect the infected nodes by worm, resulting in worm propagation block in the network. Through analysis, we show that our proposed scheme defends against worm propagation in efficient and robust manner. Through simulation, we demonstrate that our proposed scheme stops worm propagation at the reasonable overhead while preventing a majority of sensor nodes from being infected by worm.