Reaching Agreement in the Presence of Faults
Journal of the ACM (JACM)
The Byzantine Generals Problem
ACM Transactions on Programming Languages and Systems (TOPLAS)
Some constraints and tradeoffs in the design of network communications
SOSP '75 Proceedings of the fifth ACM symposium on Operating systems principles
Monitoring and early warning for internet worms
Proceedings of the 10th ACM conference on Computer and communications security
Simulating realistic network worm traffic for worm warning system design and testing
Proceedings of the 2003 ACM workshop on Rapid malcode
Epidemic profiles and defense of scale-free networks
Proceedings of the 2003 ACM workshop on Rapid malcode
Cyber defense technology networking and evaluation
Communications of the ACM - Homeland security
An integrated experimental environment for distributed systems and networks
OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementationCopyright restrictions prevent ACM from being able to make the PDFs for this conference available for downloading
Microscopic Simulation of a Group Defense Strategy
Proceedings of the 19th Workshop on Principles of Advanced and Distributed Simulation
Collaborative Internet Worm Containment
IEEE Security and Privacy
Vigilante: end-to-end containment of internet worms
Proceedings of the twentieth ACM symposium on Operating systems principles
Host-based detection of worms through peer-to-peer cooperation
Proceedings of the 2005 ACM workshop on Rapid malcode
Countering Network Worms Through Automatic Patch Generation
IEEE Security and Privacy
OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
Autograph: toward automated, distributed worm signature detection
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
When gossip is good: distributed probabilistic inference for detection of slow network intrusions
AAAI'06 proceedings of the 21st national conference on Artificial intelligence - Volume 2
Robust reactions to potential day-zero worms through cooperation and validation
ISC'06 Proceedings of the 9th international conference on Information Security
Anomalous payload-based worm detection and signature generation
RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
Dependency-based distributed intrusion detection
DETER Proceedings of the DETER Community Workshop on Cyber Security Experimentation and Test on DETER Community Workshop on Cyber Security Experimentation and Test 2007
Security against probe-response attacks in collaborative intrusion detection
Proceedings of the 2007 workshop on Large scale attack defense
Secure Sharing of an ICT Infrastructure through Vinci
AIMS '08 Proceedings of the 2nd international conference on Autonomous Infrastructure, Management and Security: Resilient Networks and Services
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
International Journal of Sensor Networks
Towards automated detection of peer-to-peer botnets: on the limits of local approaches
LEET'09 Proceedings of the 2nd USENIX conference on Large-scale exploits and emergent threats: botnets, spyware, worms, and more
Uncovering Global Icebergs in Distributed Streams: Results and Implications
Journal of Network and Systems Management
Scalable Stealth Mode P2P Overlays of Very Small Constant Degree
ACM Transactions on Autonomous and Adaptive Systems (TAAS)
Asynchronous peer-to-peer data mining with stochastic gradient descent
Euro-Par'11 Proceedings of the 17th international conference on Parallel processing - Volume Part I
Argumentation logic to assist in security administration
Proceedings of the 2012 workshop on New security paradigms
Hi-index | 0.00 |
We present a method for detecting large-scale worm attacks using only end-host detectors. These detectors propagate and aggregate alerts to cooperating partners to detect large-scale distributed attacks in progress. The properties of the host-based detectors may in fact be relatively poor in isolation but when taken collectively result in a high-quality distributed worm detector. We implement a cooperative alert sharing protocol coupled with distributed sequential hypothesis testing to generate global alarms about distributed attacks. We evaluate the system's response in the presence of a variety of false alarm conditions and in the presence of an Internet worm attack. Our evaluation is conducted with agents on the Emulab and DETER emulated testbeds using real operating systems and computing platforms.