Keywords : Malware
AL-Rafidain Journal of Computer Sciences and Mathematics,
2013, Volume 10, Issue 2, Pages 43-60
In order to make use of the web services, it has recently become inevitable to connect computers to the internet. This connection, however, make the computers prone to the challenges of intrusion and hacking.
The present study tackles the problem of computers' vulnerability to malware such as worm: a self-replicate computer program that spontaneously copies itself to the vulnerable systems and spreads through the web exploiting security gaps and posing a great danger to the web community.
The study resorts to the design and implementation of a fast scanning worm detection tool. The tool depends on counting failed connection attempts after study of the indicators of failed connection.
The tool performance is examined offline by using the real traffic for inbound and outbound packets of the network of the university of Mosul. After examining the net, we used the core switch to monitor the university's inbound and outbound traffic, where the collecting process of data took place on different periods to show the public layout of the net. The study comes up to the conclusion that the monitoring tool was capable of detecting the infected computers which performs anomalous behavior and allocating worm propagation periods (the growth phase of worm) accurately.
The tool is implemented by using the sixth version of java. It is applied under the Microsoft windows operating system environment and the protocol suites known as TCP/IP.