After the Code Red incident in 2001 and the SQL Slammer in January 2003, it is clear that a simple self-propagating worm can quickly spread across the Internet, infecting most vulnerable computers before people can take effective countermeasures. The fast-spreading nature of worms calls for a worm monitoring and early warning system. In this paper, we propose effective algorithms for early detection of the presence of a worm and the corresponding monitoring system. Based on an epidemic model and observation data from the monitoring system, and using the idea of "detecting the trend, not the rate" of monitored illegitimate scan traffic, we propose to use a Kalman filter to detect a worm's propagation at its early stage in real time. In addition, we can effectively predict the overall vulnerable population size and correct the bias in the observed number of infected hosts. Our simulation experiments for Code Red and SQL Slammer show that with observation data from a small fraction of IP addresses, we can detect the presence of a worm when it infects only 1% to 2% of the vulnerable computers on the Internet.