Tackling worm detection speed and false alarm in virus throttling

  • Authors:
  • Jangbok Kim;Jaehong Shim;Gihyun Jung;Kyunghee Choi

  • Affiliations:
  • Graduate School of Information and Communication, Ajou University, Suwon, South Korea;Department of Internet Software Engineering, Chosun University, Gwangju, South Korea;School of Electrics Engineering, Ajou University, Suwon, South Korea;Graduate School of Information and Communication, Ajou University, Suwon, South Korea

  • Venue:
  • ISPEC'06 Proceedings of the Second international conference on Information Security Practice and Experience
  • Year:
  • 2006

Abstract

This paper proposes a technique to improve the performance of the virus throttling algorithm, an early detection technique for worm viruses. The proposed modified throttling algorithm may speed up the detection of worm spread and lower the possibility of false alarms on bursts of innocent connection requests. Based on the observation that normal connection requests passing through a network have strong locality in their destination IP addresses, the proposed algorithm counts the number of connection requests with different destinations, in contrast to the simple length of the delay queue used in the typical throttling algorithm. Moreover, the proposed algorithm uses the trend value of the weighted average queue length to reduce worm detection time. The performance is empirically verified in various aspects.