Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
NDSS
2005
IEEE
2005
IEEE
DNS-based Detection of Scanning Worms in an Enterprise Network
Worms are arguably the most serious security threat facing the Internet. Seeking a detection technique that is both sufficiently efficient and accurate to enable automatic containment of worm propagation at the network egress points, we propose a new technique for the rapid detection of worm propagation from an enterprise network. It relies on the correlation of Domain Name System (DNS) queries with outgoing connections from an enterprise network. Improvements over existing scanning worm detection techniques include: (1) the possibility to detect worm propagation after only a single infection attempt; (2) the capacity to detect zero-day worms; and (3) a low false positive rate. The precision of this first-mile detection technique supports the use of automated containment and suppression strategies to stop fast scanning worms before they leave the network boundary. We believe that this technique can be applied with the same precision to identify other forms of malicious behavior wit...
Real-time TrafficRelated Content
| Added | 25 Jun 2010 |
| Updated | 25 Jun 2010 |
| Type | Conference |
| Year | 2005 |
| Where | NDSS |
| Authors | David Whyte, Evangelos Kranakis, Paul C. van Oorschot |
Comments (0)
Researcher Info
|
