Abstract We present a monitoring system which detects repeated packets in network traffic, and has applications including detecting computer worms. It uses Bloom filters with count...
Paul C. van Oorschot, Jean-Marc Robert, Miguel Var...
—TCP/IP protocol suite carries most application data in Internet. TCP flow retrieval has more security meanings than the IP packet payload. Hence, monitoring the TCP flow has mor...
Zhen Chen, Chuang Lin, Jia Ni, Dong-Hua Ruan, Bo Z...
This paper presents DOME, a host-based technique for detecting several general classes of malicious code in software executables. DOME uses static analysis to identify the locatio...
Jesse C. Rabek, Roger I. Khazan, Scott M. Lewandow...
The vulnerabilities which plague computers cause endless grief to users. Slammer compromised millions of hosts in minutes; a hit-list worm would take under a second. Recently prop...
Joseph Tucek, James Newsome, Shan Lu, Chengdu Huan...
Traffic monitoring is essential for accounting user traffic and detecting anomaly traffic such as Internet worms or P2P file sharing applications. Since typical Internet traffic mo...