作者: Wei Yu , Xun Wang , Adam Champion , Dong Xuan , David Lee
DOI: 10.1016/J.COMCOM.2010.10.014
关键词: Real-time computing 、 Anomaly detection 、 The Internet 、 Computer science 、 Simulation
摘要: Active worms have posed a major security threat to the Internet and many research efforts focused on them. However, defending against them remains challenging due their continuous evolution. In this paper, we study new class of defense-oriented evolved worms, Varying Scan Rate worm (the VSR in short). order circumvent detection by existing schemes, deliberately varies its scan rate according these schemes' weaknesses. To counteract worm, design worm-detection scheme, attack-target Distribution Entropy-based Dynamic scheme (DED for DED utilizes distribution robust statistical feature conjunction with dynamic decision adaptation distinguish worm-scan traffic from non-worm-scan traffic. We present comparatively complete space schemes conduct extensive performance evaluations compared other using real-world traces as background Our data clearly demonstrate effectiveness detecting both traditional worm.