Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
JCS
2006
2006
Effective worm detection for various scan techniques
In recent years, the threats and damages caused by active worms have become more and more serious. In order to reduce the loss caused by fastspreading active worms, an effective detection mechanism to quickly detect worms is desired. In this paper, we first explore various scan strategies used by worms on finding vulnerable hosts. We show that targeted worms spread much faster than random scan worms. We then present a generic worm detection architecture to monitor malicious worm activities. We propose and evaluate our detection mechanism called Victim Number Based Algorithm. We show that our detection algorithm is effective and able to detect worm events before 2% of vulnerable hosts are infected for most scenarios. Furthermore, in order to reduce false alarms, we propose an integrated approach using multiple parameters as indicators to detect worm events. The results suggest that our integrated approach can differentiate worm attacks from DDoS attacks and benign scans.
Real-time TrafficActive Worms | Detection Mechanism | JCS 2006 | Worm |
Related Content
| Added | 13 Dec 2010 |
| Updated | 13 Dec 2010 |
| Type | Journal |
| Year | 2006 |
| Where | JCS |
| Authors | Jianhong Xia, Sarma Vangala, Jiang Wu, Lixin Gao, Kevin A. Kwiat |
Comments (0)
Researcher Info
|
