The IUP Journal of Information Technology
Worm Attack Detection in Network-Based System

Organizations, business enterprises, government agencies and institutions depend on computer networks to carry out routine activities because a computer network provides a flexible, convenient and cost-effective way of storing, sharing, retrieving and transferring information. As these routine activities are carried out on the network, one great threat to these information assets is that of computer worm attacks. Traditionally, detection has relied on firewalls, but computer worms still find ways to evade them because of several weaknesses that exist in firewalls. In this research, the detection method considered is the use of an Intrusion Detection System (IDS) behind routers and firewalls. This paper proposes an IDS that incorporates the signature-based and anomaly-based detection schemes, which function as independent IDSs, to form a hybrid signature-based/anomaly-based detection system. The hybrid system improved the effectiveness and reliability of computer worm detection to a very great extent, and thus it should be used at strategic locations on the network to provide a distributed solution with a defence-in-depth network security architecture.

 
 

A network is a connected collection of devices and end systems, such as computers, printers and servers, which can communicate with each other (Cisco, 2009). Networks are implemented and used in homes, small businesses, large enterprises and government organizations. Network-based systems are the computers, peripherals and applications installed on a network (Tzeyoung, 2009). A network consists of components such as personal computers, interconnections, switches, routers and firewalls. Each of these components performs a distinct function, and together they work as a system, enabling users to access information faster, reliably, securely, cost-effectively and conveniently on the intranet or Internet. The network can be local or mobile, connection-oriented or connectionless (Cisco, 2009).

In recent times, there has been a large increase in the use of the Internet in business enterprises and many organizations because of its great advantage in improving productivity. This implies that a lot of organizations' data, such as business strategy, product formulae, employee details and other confidential details, is on the Internet, which means highly sensitive information travels through the network. The transfer of such sensitive data attracts attackers who steal or destroy information and interfere with the network connection for fun, fame or money. One common tool attackers use to carry out such stealthy attacks is the computer worm (Tachibana, 2010).

 
 

Information Technology Journal, Worm attack, Intrusion Detection System (IDS), Firewalls, Routers, Signature-based detection, Anomaly-based detection.