Detecting Unknown Worms Using Randomness Check

Authors: Hyundo Park, Heejo Lee, Hyogon Kim

DOI: 10.1093/IETCOM/E90-B.4.894

Keywords:

Abstract: From the introduction of CodeRed and Slammer worms, it has been learned that early detection of worm epidemics is important in order to reduce the damage resulting from outbreaks. A prominent characteristic of Internet worms is the random selection of subsequent targets. In this paper, we propose a new mechanism by checking the distribution of destination addresses in network traffic. The proposed mechanism constructs a matrix from traffic and checks the rank of the matrix to detect spreading worms. From the fact that a binary matrix holds a high rank value, ADUR (Anomaly Detection Using Randomness check) is proposed for detecting unknown worms based on the rank of the matrix. From experiments in various environments, it is demonstrated that ADUR effectively detects the spread of worms in the early stages, even when there is only a single host infected in the monitoring network. Also, we show that ADUR is highly sensitive so that the epidemic can be detectable quickly, e.g., three times earlier than the infection of 90% of vulnerable hosts.
