Detection of abrupt changes: theory and application
Detection of abrupt changes: theory and application
An introduction to signal detection and estimation (2nd ed.)
An introduction to signal detection and estimation (2nd ed.)
The Mathematics of Infectious Diseases
SIAM Review
Code-Red: a case study on the spread and victims of an internet worm
Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
How to Own the Internet in Your Spare Time
Proceedings of the 11th USENIX Security Symposium
IEEE Security and Privacy
Monitoring and early warning for internet worms
Proceedings of the 10th ACM conference on Computer and communications security
Characteristics of internet background radiation
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Very fast containment of scanning worms
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
The impact of stochastic variance on worm propagation and detection
Proceedings of the 4th ACM workshop on Recurring malcode
Deterministic and stochastic models for the detection of random constant scanning worms
ACM Transactions on Modeling and Computer Simulation (TOMACS)
| Hi-index | 0.00 |
This paper discusses the problem of automatically detecting the existence of Random Constant Scanning (RCS) worm epidemics on the Internet by observing packet traffic in a local network. The propagation of the RCS worm is modelled as a simple epidemic. An optimal hypothesis-testing approach is presented to detect simple epidemics under idealized conditions based on the cumulative sums of log-likelihood ratios. It is shown that there are limitations on the ability of this optimal method to detect several important subclasses of RCS worm epidemics even under idealized conditions.