A Proposal for Worm Malware Detection by Using Association Rules

Many attacks of malware occur in these days especially worms. Worms can replicate itself inside the network and spread through each device connected to the network. To prevent these attacks we need a strong Intrusion Detection System to defy this kind of threats. In this proposal, we proposed a method to detect the worms, to be able to prevent the attacks and ensure our network safety. The function of the method is to aggregate the data packets that comes from the outside, and then analyze it. The method will extract the exact feature from a data set and check it if the packet weather it was a threat or a benign depending on rules stored in the database by using one of the data mining technique namely Association Rules. When detect occur a warning will be sounded and it will be stored as a threat, the control unit will arrange the alerts of the malware. We used the Association Rules technique because this technique can extract the wanted features for the malware and classify it as tables and give us the last result of detection. This technique help to reduce the amount of worm malware threats and make the system more accurate in detection.