Worms are now among the leading threats to information security and service availability, and current operational practices have not managed the threat effectively. It is therefore important to give early warning of a worm outbreak in a large-scale network and to extract the worm's network signature automatically. Based on TCP/IP flows, this paper introduces a methodology for analysing the feature attributes of network traffic flows, including real-time data detection and traffic models. Combined with data preprocessing, we construct an automatic signature extraction algorithm. We deployed it on our campus network (more than 20000 computers at 400M/s). The results show that worms are detected more efficiently and that worm signatures are extracted accurately.
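As an added illustration of the two stages the abstract describes, a flow-feature early warning followed by automatic signature extraction, the following is example code written here, not the paper's own method. The fan-out feature, the threshold, the longest-common-substring heuristic and the sample flows are all assumptions constructed for the example.

```python
from collections import defaultdict

# Constructed sample flows (src, dst, dport, payload): 10.0.0.1 is a normal
# client; 10.0.0.5 and 10.0.0.9 each probe 40 hosts with a near-identical request.
FLOWS = [
    ("10.0.0.1", "10.0.1.1", 80, b"GET /index.html HTTP/1.1\r\n"),
    ("10.0.0.1", "10.0.1.2", 80, b"GET /style.css HTTP/1.1\r\n"),
]
for src, filler in (("10.0.0.5", b"N"), ("10.0.0.9", b"X")):
    for i in range(1, 41):
        FLOWS.append((src, f"10.0.2.{i}", 80,
                      b"GET /probe.cgi?id=" + filler * 20 + b" HTTP/1.0\r\n"))

def fan_out(flows):
    """Flow feature attribute: distinct destinations contacted per source host."""
    dests = defaultdict(set)
    for src, dst, _port, _payload in flows:
        dests[src].add(dst)
    return {src: len(d) for src, d in dests.items()}

def early_warning(flows, threshold=20):
    """Hosts whose fan-out reaches the (assumed) threshold are flagged as probable infections."""
    return sorted(src for src, n in fan_out(flows).items() if n >= threshold)

def longest_common_substring(a, b):
    """Dynamic-programming longest common substring of two byte strings."""
    best_len, best_end, prev = 0, 0, [0] * (len(b) + 1)
    for i in range(1, len(a) + 1):
        cur = [0] * (len(b) + 1)
        for j in range(1, len(b) + 1):
            if a[i - 1] == b[j - 1]:
                cur[j] = prev[j - 1] + 1
                if cur[j] > best_len:
                    best_len, best_end = cur[j], i
        prev = cur
    return a[best_end - best_len:best_end]

def extract_signature(flows, suspects, min_len=8):
    """Heuristic: reduce the flagged hosts' payloads to one shared byte string."""
    payloads = [p for src, _d, _port, p in flows if src in suspects]
    sig = payloads[0] if payloads else b""
    for p in payloads[1:]:
        sig = longest_common_substring(sig, p)
        if len(sig) < min_len:
            return b""  # nothing invariant enough to use as a signature
    return sig

def matching_sources(flows, sig):
    """Check the signature against all flows; benign hosts should not appear."""
    return sorted({src for src, _d, _port, p in flows if sig and sig in p})
```

The final check matters in practice: a signature that also matches the benign client's flows would have to be rejected, since the pairwise reduction can settle on a generic fragment such as the HTTP version string.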