Sciweavers

CCS
2003
ACM

Monitoring and early warning for internet worms

After the Code Red incident in 2001 and the SQL Slammer in January 2003, it is clear that a simple self-propagating worm can quickly spread across the Internet and infect most vulnerable computers before people can take effective countermeasures. The fast-spreading nature of worms calls for a worm monitoring and early warning system. In this paper, we propose effective algorithms for early detection of the presence of a worm and the corresponding monitoring system. Based on an epidemic model and observation data from the monitoring system, by using the idea of “detecting the trend, not the rate” of monitored illegitimate scan traffic, we propose to use a Kalman filter to detect a worm’s propagation at its early stage in real time. In addition, we can effectively predict the overall vulnerable population size, and correct the bias in the observed number of infected hosts. Our simulation experiments for Code Red and SQL Slammer show that with observation data from a small fraction ...
Added 06 Jul 2010
Updated 06 Jul 2010
Type Conference
Year 2003
Where CCS
Authors Cliff Changchun Zou, Lixin Gao, Weibo Gong, Donald F. Towsley