The internet worm program: an analysis
ACM SIGCOMM Computer Communication Review
The “worm” programs—early experience with a distributed computation
Communications of the ACM
Algorithm 457: finding all cliques of an undirected graph
Communications of the ACM
How to Own the Internet in Your Spare Time
Proceedings of the 11th USENIX Security Symposium
A symbolic representation of time series, with implications for streaming algorithms
DMKD '03 Proceedings of the 8th ACM SIGMOD workshop on Research issues in data mining and knowledge discovery
Proceedings of the 2003 ACM workshop on Rapid malcode
Exploiting Software: How to Break Code
Exploiting Software: How to Break Code
The WOMBAT Attack Attribution Method: Some Results
ICISS '09 Proceedings of the 5th International Conference on Information Systems Security
Honeypot trace forensics: The observation viewpoint matters
Future Generation Computer Systems
HARMUR: storing and analyzing historic data on malicious domains
Proceedings of the First Workshop on Building Analysis Datasets and Gathering Experience Returns for Security
In [6], Pouget et al. conjectured the existence of so-called multi-headed worms and found a couple of them in attack traces collected on a single honeypot. These worms take advantage of several distinct attack techniques to propagate, but they use only one of them against a given target. From a victim's viewpoint, they are therefore indistinguishable from classical worms that always propagate using the same attack vector or the same sequence of attack vectors. This paper aims at confirming the existence of these worms by studying a very large dataset. The validation process led to three important contributions. First, we establish the existence and assess the importance of three distinct classes of attacks seen in the wild. Second, we propose a new method to correlate attack-trace time series and apply it to search for multi-headed worms. Third, we offer and discuss results of the analysis of 15 months of data gathered over 28 different platforms located all over the world.