Space/time trade-offs in hash coding with allowable errors
Communications of the ACM
Internet intrusions: global characteristics and prevalence
SIGMETRICS '03 Proceedings of the 2003 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
IEEE Security and Privacy
Simulating realistic network worm traffic for worm warning system design and testing
Proceedings of the 2003 ACM workshop on Rapid malcode
The monitoring and early detection of internet worms
IEEE/ACM Transactions on Networking (TON)
Large-scale vulnerability analysis
Proceedings of the 2006 SIGCOMM workshop on Large-scale attack defense
Extracting Worm-Infected Hosts Using White List
SAINT '08 Proceedings of the 2008 International Symposium on Applications and the Internet
Hi-index | 0.00 |
The authors have proposed a method of identifying superspreaders by flow sampling and a method of extracting worm-infected hosts from the identified superspreaders using a white list. However, the problem of how to optimally set parameters, 茂戮驴, the measurement period length, m*, the identification threshold of the flow count mwithin 茂戮驴, and H*, the identification probability for hosts with m= m*, remains unsolved. These three parameters seriously affect the worm-spreading property. In this paper, we propose a method of optimally designing these three parameters to satisfy the condition that the ratio of the number of active worm-infected hosts divided by the number of all the vulnerable hosts is bound by a given upper-limit during the time Trequired to develop a patch or an anti-worm vaccine.