Publication Date

2004

Abstract

After several Internet-scale worm incidents in recent years, it is clear that a simple self-propagating worm can spread across the Internet within minutes to hours and cause severe damage to society. Facing this threat, we must build an early detection system that detects the presence of a worm as quickly as possible, in order to give people enough time to react. In this paper, we first present an Internet worm monitoring system. Then, based on the idea of "detecting the trend, not the burst" of monitored illegitimate traffic, we present a non-threshold-based "trend detection" methodology that detects a worm at its early stage using Kalman filter estimation. In addition, for uniform-scan worms such as Code Red and Slammer, we can effectively predict the overall vulnerable population size and accurately estimate how many computers are actually infected across the global Internet from the biased monitored data. For monitoring non-uniform-scan worms such as Blaster, we show that the address space covered by a monitoring system should be as distributed as possible.
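The following is an added example (not code from the paper or its monitoring system) that works through the kind of trend detection and population prediction the abstract describes for a uniform-scan worm. It assumes the standard simple epidemic model in discrete time (each infected host scans the IPv4 space uniformly at a fixed rate), a monitor that sees a fixed fraction of the address space, Gaussian measurement jitter on the monitored counts, and a scalar Kalman filter that estimates the worm's per-step growth rate a in Z_t = (1 + a) Z_{t-1} + w_t from the monitored series Z_t. The "stable positive estimate" alarm rule, the filter's noise parameters, the constructed worm parameters (100,000 vulnerable hosts, 100 scans per second per host, a /12 monitor, one-minute bins) and the assumption that the per-host scan rate is known to the detector are all choices made here, not details taken from the paper.

```python
"""Kalman-filter trend detection for a uniform-scan worm (added example).

Not code from the paper.  Constructs a monitored scan series from a
discrete-time simple epidemic, estimates the worm's exponential growth rate
with a scalar Kalman filter, alarms when that estimate settles at a positive
value (no traffic-volume threshold), and inverts the rate to predict the
vulnerable population.
"""
import random

ADDRESS_SPACE = 2 ** 32  # IPv4 addresses a uniform-scan worm draws targets from


def simulate_monitor(n_vuln, scan_rate, monitor_frac, steps, dt, i0=10,
                     noise=0.05, seed=7):
    """Constructed data: per-step (monitored scans, infected hosts).

    Each infected host sends `scan_rate` uniformly random scans per second.
    Over a step of `dt` seconds a scan infects a fresh victim with probability
    (n_vuln - I) / 2^32 and reaches a monitor covering `monitor_frac` of the
    address space with probability `monitor_frac`.  Gaussian jitter with
    relative standard deviation `noise` models measurement error.
    """
    rng = random.Random(seed)
    infected = float(i0)
    observed, trajectory = [], []
    for _ in range(steps):
        hits = infected * scan_rate * dt * monitor_frac
        observed.append(max(0.0, rng.gauss(hits, noise * hits)))
        trajectory.append(infected)
        new = infected * scan_rate * dt * (n_vuln - infected) / ADDRESS_SPACE
        infected = min(float(n_vuln), infected + new)
    return observed, trajectory


def kalman_growth_rates(observed, noise=0.05, process_var=1e-6):
    """Estimate a in Z_t = (1 + a) Z_{t-1} + w_t with a scalar Kalman filter.

    State: the per-step growth rate a, modelled as nearly constant.
    Observation: y_t = Z_t - Z_{t-1} = a * Z_{t-1} + w_t, so H_t = Z_{t-1}.
    Measurement variance assumes relative jitter `noise` on two counts plus a
    one-scan floor so the gain stays finite at tiny counts.  Returns the
    estimate of a after every observation.
    """
    a, p = 0.0, 1.0  # prior: no growth, very uncertain
    estimates = []
    for prev, cur in zip(observed, observed[1:]):
        p += process_var                      # predict: a barely moves
        h = prev
        r = 2.0 * (noise * prev) ** 2 + 1.0   # variance of w_t
        gain = p * h / (h * h * p + r)
        a += gain * ((cur - prev) - h * a)    # correct with the innovation
        p *= 1.0 - gain * h
        estimates.append(a)
    return estimates


def first_stable_positive(estimates, window=8, rel_spread=0.25):
    """Trend rule assumed here: alarm at the first index where the last
    `window` estimates are all positive and their range is below `rel_spread`
    of their mean, i.e. the filter has settled on a positive exponential rate.
    Returns an index into `estimates` (step number minus one) or None."""
    for i in range(window - 1, len(estimates)):
        w = estimates[i - window + 1:i + 1]
        if min(w) > 0 and max(w) - min(w) < rel_spread * (sum(w) / window):
            return i
    return None


def vulnerable_population(growth_per_step, scan_rate, dt):
    """Invert the early-stage rate alpha = scan_rate * N / 2^32 for N,
    where the filter's per-step growth a = alpha * dt."""
    return growth_per_step / dt * ADDRESS_SPACE / scan_rate


def run_example(noise=0.05, seed=7):
    """Assumed scenario: 100,000 vulnerable hosts, 100 scans/s per infected
    host, a /12 monitor (2^20 addresses), one-minute bins, 60 minutes."""
    n_vuln, scan_rate, dt = 100_000, 100.0, 60.0
    monitor_frac = 2 ** 20 / ADDRESS_SPACE
    observed, trajectory = simulate_monitor(n_vuln, scan_rate, monitor_frac,
                                            60, dt, noise=noise, seed=seed)
    estimates = kalman_growth_rates(observed, noise=noise)
    idx = first_stable_positive(estimates)
    if idx is None:
        return None
    a = estimates[idx]
    return {
        "alarm_step": idx + 1,
        "infected_fraction": trajectory[idx + 1] / n_vuln,
        "growth_per_second": a / dt,
        "true_growth_per_second": scan_rate * n_vuln / ADDRESS_SPACE,
        "predicted_population": vulnerable_population(a, scan_rate, dt),
    }


if __name__ == "__main__":
    r = run_example()
    print(f"alarm at minute {r['alarm_step']}, "
          f"{r['infected_fraction']:.3%} of vulnerable hosts infected")
    print(f"growth {r['growth_per_second']:.5f}/s "
          f"(true {r['true_growth_per_second']:.5f}/s)")
    print(f"predicted vulnerable population {r['predicted_population']:.0f}")
```

The alarm fires on the shape of the series (a growth-rate estimate that has stopped wandering and is positive), so it does not depend on how many scans the monitor happens to see; with jitter-free input it triggers as soon as the window fills, while noisier input simply delays it until the filter has averaged enough observations. The population prediction only holds while the worm is in its early, exponential stage, since the discrete epidemic's growth factor is a(1 - I/N) and the estimate drifts downward once a noticeable fraction of the population is infected; a real deployment would also have to subtract background scanning and estimate the per-host scan rate from the monitor itself, both of which this example takes as given.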

Comments

This paper was harvested from CiteSeer
