Adaptive method for monitoring network and early detection of internet worms

Authors:
Chen Bo;Bin Xing Fang;Xiao Chun Yun
Affiliations:
The Department of Computer Science and Engineering, Harbin Institute of Technology, Harbin, China;The Department of Computer Science and Engineering, Harbin Institute of Technology, Harbin, China;The Department of Computer Science and Engineering, Harbin Institute of Technology, Harbin, China
Venue:
ISI'06 Proceedings of the 4th IEEE international conference on Intelligence and Security Informatics
Year:
2006

Citing 6
Cited 0

System identification (2nd ed.): theory for the user

System identification (2nd ed.): theory for the user
Code red worm propagation modeling and analysis

Proceedings of the 9th ACM conference on Computer and communications security
Monitoring and early warning for internet worms

Proceedings of the 10th ACM conference on Computer and communications security
Worm anatomy and model

Proceedings of the 2003 ACM workshop on Rapid malcode
Worm propagation modeling and analysis under dynamic quarantine defense

Proceedings of the 2003 ACM workshop on Rapid malcode
An Anomaly Intrusion Detection System Based on Vector Quantization

IEICE - Transactions on Information and Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

After many Internet-scale worm incidents in recent years, it is clear that a simple self-propagation worm can quickly spread across the Internet. And every worm incidents can cause severe damage to our society. So it is necessary to build a system that can detect the presence of worm as quickly as possible. This paper first analyzes the worm’s framework and its propagation model. Then, we describe a new algorithm for detecting worms. Our algorithm first monitors the computers on network and gets the number of abnormal computers. Then based on the monitoring result, we detect an unknown worm by using recursive least squares estimation. The experiments result proves that our approach is effective to detect unknown worm.