Authors: Qian Wang, Zesheng Chen, Chao Chen
DOI: 10.1109/TIFS.2011.2161288
Keywords:
Abstract: Internet worm attacks pose a significant threat to network security and management. In this work, we coin the term tomography as inferring characteristics of worms from observations of Darknet or telescopes that monitor routable but unused IP address space. Under the framework of tomography, we attempt to infer temporal behaviors, i.e., host infection time sequence, and thus pinpoint patient zero or initially infected hosts. Specifically, we apply statistical estimation techniques and propose method of moments, maximum likelihood, and linear regression estimators. We show analytically and empirically that our proposed estimators can perform better than a naive estimator that has been used in previous work. We also demonstrate that they can be applied to worms using different scanning strategies such as random and localized scanning.