Worm Detection Using Local Networks

Show full item record

Please use this identifier to cite or link to this item: http://hdl.handle.net/1853/6489

Title: Worm Detection Using Local Networks
Author: Qin, Xinzhou ; Dagon, David ; Gu, Guofei ; Lee, Wenke
Abstract: The need for a global monitoring system for Internet worm detection is clear. Likewise, the need for local detection and response is also obvious. In this study, we used a large data set to review some of the worm monitoring and detection strategies proposed for large networks, and found them difficult to apply to local networks. In particular, the Kalman filter and victim number-based approaches proved unsuitable for smaller networks. They are of course appropriate for large systems, but what work well for local networks? We propose two algorithms tailored for local network monitoring needs. First, the Destination Source Correlation (DSC) algorithm focuses on the infection relation, and tracks real infected hosts (and not merely scans) to provide an accurate response. Second, the HoneyStat system provides a way to track the short-term infection behavior used by worms. Potentially, this provides a basis for statistical inference about a worm’s behavior on a network.
Type: Technical Report
URI: http://hdl.handle.net/1853/6489
Date: 2004
Relation: CC Technical Report; GIT-CC-04-04
Publisher: Georgia Institute of Technology
Subject: Local area networks
Worms

All materials in SMARTech are protected under U.S. Copyright Law and all rights are reserved, unless otherwise specifically indicated on or in the materials.

Files in this item

Files Size Format View
GIT-CC-04-04.pdf 377.7Kb PDF View/ Open

This item appears in the following Collection(s)

Show full item record