Bro: a system for detecting network intruders in real-time
Computer Networks: The International Journal of Computer and Telecommunications Networking
IEEE Security and Privacy
A framework for malicious workload generation
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Entropy Based Worm and Anomaly Detection in Fast IP Networks
WETICE '05 Proceedings of the 14th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprise
OpenLIDS: a lightweight intrusion detection system for wireless mesh networks
Proceedings of the 15th annual international conference on Mobile computing and networking
Experimenting with an Intrusion Detection System for Encrypted Networks
International Journal of Business Intelligence and Data Mining
| Hi-index | 0.00 |
Finding the cause for congested virtual private network (VPN) links that connect an office network over the Internet to remote company sites can be a hassle. Scan traffic of worm infected hosts is one important possible cause. We developed a scan detection tool, which continuously monitors network traffic on VPN gateway(s) and that reliably detects and reports worm infected hosts by tracking anomalous TCP, UDP and ICMP traffic. Our tool is not sensitive to most P2P software and was successfully tested on real production traffic as well as with traces of captured real and simulated worm traffic. Our various tests demonstrated a low false positive rate and a high detection rate. Our open source tool is an extension to the free intrusion detection system Bro. It was developed jointly by ETH Zurich and Open Systems, a company offering managed security services, one of which is based on the presented worm scan detection tool