Fast Detection of Scanning Worm Infections

Fast Detection of Scanning Worm InfectionsShort Description
previous approaches to the scanning worm detection problem, in Section 7. Our … A scanning worm locates vulnerable hosts by generating a list of …

Website: nms.lcs.mit.edu | Filesize: 246kb

Content
Fast Detection of Scanning Worm Infections
Stuart E. Schechter1, Jaeyeon Jung2, and Arthur W. Berger2
1 Harvard DEAS,
33 Oxford Street, Cambridge MA 02138, USA,
stuart@eecs.harvard.edu
2 MIT CSAIL,
32 Vassar Street, Cambridge MA 02139, USA,
fjyjung,awbergerg@csail.mit.edu
Abstract. Worm detection and response systems must act quickly to
identify and quarantine scanning worms, as when left unchecked such
worms have been able to infect the majority of vulnerable hosts on the
Internet in a matter of minutes [9]. We present a hybrid approach to detecting
scanning worms that integrates significant improvements we have
made to two existing techniques: sequential hypothesis testing and connection
rate limiting. Our results show that this two-pronged approach
successfully restricts the number of scans that a worm can complete, is
highly effective, and has a low false alarm rate.
1 Introduction
Human reaction times are inadequate for detecting and responding to fast scanning…

Get the file Download here

AddThis Social Bookmark Button
Related Books:
  • A Self-Learning Worm Using Importance Scanning
  • Importance-Scanning Worm Using Vulnerable-Host Distribution
  • Autograph Toward Automated, Distributed Worm Signature Detection
  • Worm Evolution Tracking via Timing Analysis
  • Worm Origin Identification Using Random Moonwalks
  • Models of Internet Worm Defense
  • Chapter three Methods of spyware detection Filename matching File …
  • The Internet Worm Program An Analysis

    • Filed Under Worm, Computer Security 

    Related Searches: , , , ,



    Comments

    Leave a Reply