Internet worms constitute a major threat to the security of today’s networks. They work by exploiting vulnerabilities in operating systems and application software that run on end systems. In this paper, an effective algorithm for fast detection of worms is proposed. It integrates the worms’ behavior attributes with their traffic distribution and detects abnormal behavior by their similarity distribution and changes in some of their attributes. The process of fast detection based on similarity is discussed in detail including threshold selection, similarity detection algorithm and fine analysis. Simulation experiments show that the detection algorithm can locate the worm infection prior to it spreading over the large-scale network.