After many Internet-scale worm incidents in recent years, it is clear that a simple self-propagating worm can quickly spread across the Internet, and every worm incident can cause severe damage to our society. It is therefore necessary to build a system that can detect the presence of a worm as quickly as possible. This paper first analyzes the worm’s framework and its propagation model. We then describe a new algorithm for detecting worms. Our algorithm first monitors the computers on the network and obtains the number of abnormal computers. Then, based on the monitoring result, we detect an unknown worm by using recursive least squares estimation. The experimental results prove that our approach is effective at detecting unknown worms.
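The following sketch is an added example, not the paper's own algorithm or code: it applies recursive least squares to per-interval counts of abnormal hosts and raises an alarm once the estimated growth factor stays above a threshold. The early-phase model `count[t] = a * count[t-1]`, the forgetting factor, the thresholds, and both count series are assumptions constructed for illustration.

```python
# Constructed sample data: abnormal-host counts per monitoring interval.
QUIET = [20, 22, 19, 21, 20, 18, 21, 20, 22, 19, 20, 21, 19, 20, 21, 20]
# Same background for 8 intervals, then a spreading worm (index 8 onward).
OUTBREAK = QUIET[:8] + [23, 25, 29, 33, 40, 47, 57, 68, 82, 98, 118, 141, 170]


def rls_growth_estimates(counts, lam=0.98, p0=1e3):
    """Scalar RLS for the assumed model counts[t] = a * counts[t-1] + noise.

    lam is the forgetting factor, p0 the initial covariance (large means
    little trust in the prior a = 1). Returns the estimate of a after each
    new observation, so result[i] has seen counts[0..i+1].
    """
    a, p = 1.0, p0
    estimates = []
    for prev, cur in zip(counts, counts[1:]):
        x = float(prev)
        k = p * x / (lam + x * p * x)   # gain for this observation
        a += k * (cur - a * x)          # correct by the prediction error
        p = (p - k * x * p) / lam       # covariance update with forgetting
        estimates.append(a)
    return estimates


def detect_worm(counts, min_growth=1.05, stable_steps=5):
    """Return the index in counts at which the alarm fires, or None.

    The alarm requires the growth estimate to exceed min_growth for
    stable_steps consecutive updates, so one noisy interval (such as the
    first ratio 22/20 in QUIET) cannot trigger it.
    """
    est = rls_growth_estimates(counts)
    for i in range(stable_steps - 1, len(est)):
        window = est[i - stable_steps + 1:i + 1]
        if min(window) > min_growth:
            return i + 1                # est[i] was computed from counts[i+1]
    return None


if __name__ == "__main__":
    print("quiet alarm index:", detect_worm(QUIET))
    print("outbreak alarm index:", detect_worm(OUTBREAK))
    print("final growth estimate:", round(rls_growth_estimates(OUTBREAK)[-1], 3))
```

On the constructed outbreak series the alarm fires while 68 hosts are abnormal, well before the last observed count of 170, and the quiet series never triggers it.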