Compromised end-user machines are an important source of the unwanted traffic that traverses the Internet. These machines typically have malicious software installed that misuses their network resources. As a result, the packet stream that a compromised machine sends out consists of both legitimate and unwanted packets. In this work, we present a traffic regulation method that limits the number of unwanted packets that such machines send to the Internet. The method operates on the time-series representation of a packet stream and examines the "burstiness" of the packets instead of their rate. It filters packets out of this stream using signatures produced with wavelet-based multi-resolution analysis, along with a similarity measure. We evaluate the proposed method with real traffic traces (i.e., Domain Name System queries from legitimate end-users and e-mail worms) and compare it with a rate limiting method. We show that the method limits the amount of unwanted traffic that a compromised end-user machine sends to the Internet while dropping fewer legitimate packets than the rate limiting method.