Traffic characterization of the web server attacks of worm viruses

Abstract

With the explosive popularity of the Internet, the number of accessible web servers has proliferated as well. Subsequently, malicious attacks on these servers via viruses have become more prevalent. Due to the self-propagation and self-duplication nature of these viruses, such attacks can congest the network quickly, aggravating the already limited bandwidth available and curtail service provided by the server, eventually leading to denial of all services. The IIS, in particular, has been gravely affected by such Denial of Service (DoS) attacks. Hence, various methods to prevent such attacks from affecting the network and server have been researched and proposed. In this paper, we analyze the characteristics of worm virus attack traffics, by extracting and analyzing virus attack logs. With the use of various statistical methods, we show that worm attack patterns show self-similarity with Hurst parameter H. Our purpose is to use this characteristic in annulling the negative effects of worm attacks