Worm detection, early warning and response based on local victim information

Authors: Guofei Gu, M. Sharif, Xinzhou Qin, D. Dagon, Wenke Lee

DOI: 10.1109/CSAC.2004.51

Abstract: Worm detection systems have traditionally focused on global strategies. In the absence of a global worm detection system, we examine the effectiveness of local worm detection and response strategies. This paper makes three contributions: (1) We propose a simple two-phase local worm victim detection algorithm, DSC (Destination-Source Correlation), based on worm behavior in terms of both infection pattern and scanning pattern. DSC can detect zero-day scanning worms with a high detection rate and a very low false positive rate. (2) We demonstrate the effectiveness of early worm warning based on local victim information. For example, warning occurs with 0.19% infection of all vulnerable hosts on the Internet when using a /12 monitored network. (3) Based on local victim information, we investigate and evaluate an automatic real-time local response mechanism for slowing down worm propagation. (2) and (3) are general results, not specific to a certain detection algorithm like DSC. We demonstrate (2) and (3) with both analytical models and packet-level network simulator experiments.
