Authors: Hui Zhang, Yinglian Xie, V. Sekar, D.A. Maltz, M.K. Reiter
DOI: 10.1109/SP.2005.23
Keywords:
Abstract: We propose a novel technique that can determine both the host responsible for originating a propagating worm attack and the set of attack flows that make up the initial stages of the attack tree via which the worm infected successive generations of victims. We argue that knowledge of both is important for combating worms: knowledge of the origin supports law enforcement, and knowledge of the causal flows that advance the attack supports diagnosis of how network defenses were breached. Our technique exploits the "wide tree" shape of a worm propagation emanating from the source by performing random "moonwalks" backward in time along paths of flows. Correlating the repeated walks reveals the initial causal flows, thereby aiding in identifying the source. Using analysis, simulation, and experiments with real world traces, we show how the technique works against both today's fast propagating worms and stealthy worms that attempt to hide their attack flows among background traffic.