An Effective Architecture and Algorithm for Detecting Worms with Various Scan Techniques

Authors: Sarma Vangala, Kevin Kwiat, Lixin Gao, Jiang Wu

Abstract: Since the days of the Morris worm, the spread of malicious code has been the most imminent menace to the Internet. Worms use various scanning methods to spread rapidly. Worms that select scan destinations carefully can cause more damage than worms employing random scan. This paper analyzes various scan techniques. We then propose a generic worm detection architecture that monitors activities. We propose and evaluate an algorithm to detect worms using real-time traces and simulations. We find that our solution detects worm activities when only 4% of the vulnerable machines are infected. Our results bring insight into the future battle against worm attacks.
