How can intelligent worms that combine a slow scanning rate with high vulnerability density be detected and alleviated? We present a scheme to address this problem. Unlike previous schemes, which limit the instantaneous scanning rate of each host, our scheme counts the number of unique IP addresses contacted by all hosts of a subnet over a period and applies a threshold to decide whether the subnet is suspicious. Specifically, we take into account the similarity of the information requested by users belonging to the same subnet. The results show that our scheme is effective against slow-scanning worms and worms with high vulnerability density.
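The subnet-level count described above can be sketched as follows. This is an added example, not code from the paper: the flow-record layout `(timestamp, src, dst)`, the /24 subnet size, the fixed 60-second window, both thresholds and the sample traffic are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

def subnet_unique_counts(flows, prefix_len=24, window=60):
    """Map (subnet, window index) -> set of distinct destinations contacted."""
    seen = defaultdict(set)
    for ts, src, dst in flows:
        net = ipaddress.ip_network(f"{src}/{prefix_len}", strict=False)
        seen[(str(net), int(ts // window))].add(dst)
    return seen

def suspicious_subnets(flows, threshold, prefix_len=24, window=60):
    """Subnets whose hosts together contacted more than `threshold` unique IPs."""
    counts = subnet_unique_counts(flows, prefix_len, window)
    return sorted({net for (net, _), dsts in counts.items() if len(dsts) > threshold})

def hosts_over_rate(flows, per_host_limit, window=60):
    """Baseline for comparison: per-host limit on distinct destinations."""
    seen = defaultdict(set)
    for ts, src, dst in flows:
        seen[(src, int(ts // window))].add(dst)
    return sorted({src for (src, _), d in seen.items() if len(d) > per_host_limit})

def build_sample():
    """Constructed traffic: one benign subnet, one slow-scanning subnet."""
    flows = []
    popular = [f"198.51.100.{i}" for i in range(1, 6)]
    # 10.0.1.0/24: 20 users who all request the same 5 popular servers
    for h in range(1, 21):
        for i, dst in enumerate(popular):
            flows.append((h + i, f"10.0.1.{h}", dst))
    # 10.0.2.0/24: 20 hosts, each probing only 4 addresses, none shared
    for h in range(1, 21):
        for i in range(4):
            dst = f"203.0.113.{(h - 1) * 4 + i + 1}"
            flows.append((h + i, f"10.0.2.{h}", dst))
    return flows

if __name__ == "__main__":
    flows = build_sample()
    # Assumed thresholds: 10 destinations per host, 40 unique per subnet
    print("hosts over per-host limit:", hosts_over_rate(flows, 10))
    print("suspicious subnets:", suspicious_subnets(flows, 40))
```

In the sample, each scanning host contacts fewer destinations than a benign host, so the per-host limit flags nothing, while the subnet's aggregate of unique addresses stands out because benign users in one subnet largely request the same destinations.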