After many Internet-scale worm incidents in recent years, it is clear that a simple self-propagating worm can quickly spread across the Internet and cause severe damage to our society. Facing this great security threat, we need to build an early detection system that can detect the presence of a worm in the Internet as quickly as possible in order to give people accurate early warning information and possible reaction time for counteractions. This paper first presents an Internet worm monitoring system. Then, based on the idea of "detecting the trend, not the burst" of monitored illegitimate traffic, we present a "trend detection" methodology to detect a worm at its early propagation stage by using Kalman filter estimation, which is robust to background noise in the monitored data. In addition, for uniform-scan worms such as Code Red, we can effectively predict the overall vulnerable population size, and estimate accurately how many computers are really infected in the global Internet based on the biased monitored data. For monitoring a nonuniform-scan worm, especially a sequential-scan worm such as Blaster, we show that it is crucial for the address space covered by the worm monitoring system to be as distributed as possible.