A Real-Time Worm Outbreak Detection System Using Shared Counters

Authors:
Miad Faezipour;Mehrdad Nourani;Rina Panigrahy
Affiliations:
University of Texas at Dallas, Richardson;University of Texas at Dallas, Richardson;Microsoft Research Lab
Venue:
HOTI '07 Proceedings of the 15th Annual IEEE Symposium on High-Performance Interconnects
Year:
2007

Citing 0
Cited 3

A hardware platform for efficient worm outbreak detection

ACM Transactions on Design Automation of Electronic Systems (TODAES)
A behavioral analysis engine for network traffic

CCNC'10 Proceedings of the 7th IEEE conference on Consumer communications and networking conference
A patient-adaptive profiling scheme for ECG beat classification

IEEE Transactions on Information Technology in Biomedicine

Quantified Score

Hi-index	0.00

Visualization

Abstract

New networking applications such as Network Intrusion Detection Systems (NIDS) require finding the frequently repeated strings in a packet stream for further investigation. The strategy of finding frequently repeated strings within a given time frame of the packet stream has been quite efficient to detect the polymorphic worms. A novel real-time worm outbreak detection system using two-phase hashing is proposed in this paper. We use the concept of shared counters to minimize the memory cost while efficiently sifting through suspicious strings. We have simulated our system for various settings and packet stream sizes. Our system can support line speed of gigabit-rates with negligible false positive and negative.