Intrusion Detection Systems (IDSes) proposed to identify or prevent the wide spread of worms can be largely classified as signature-based or anomaly-based. Modern worms are often sufficiently intelligent to hide their activities and evade anomaly detection, rendering existing IDSes (particularly signature-based) less effective. We propose PAIDS, a proximity-assisted IDS approach for identifying the outbreak of unknown worms. Operating on an orthogonal dimension with existing IDSes, PAIDS can work collaboratively with existing IDSes for better performance. Trace-driven evaluation indicates that PAIDS has high detection rates and low false-positive rates. We also build a prototype with Google Maps APIs and libpcap library.
展开▼
