Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
DIMVA
2007
2007
On the Adaptive Real-Time Detection of Fast-Propagating Network Worms
Abstract. We present two light-weight worm detection algorithms that offer significant advantages over fixed-threshold methods. The first algorithm, RBS (ratebased sequential hypothesis testing), aims at the large class of worms that attempts to quickly propagate, thus exhibiting abnormal levels of the rate at which hosts initiate connections to new destinations. The foundation of RBS derives from the theory of sequential hypothesis testing, the use of which for detecting randomly scanning hosts was first introduced by our previous work developing TRW [6]. The sequential hypothesis testing methodology enables us to engineer detectors to meet specific targets for false-positive and false-negative rates, rather than triggering when fixed thresholds are crossed. In this sense, the detectors that we introduce are truly adaptive. We then introduce RBS+TRW, an algorithm that combines fan-out rate (RBS) and probability of failure (TRW) of connections to new destinations. RBS+TRW provide...
Real-time TrafficComputer Networks | DIMVA 2007 | Mechanisms Extends Rbs | Pure Rbs | Sequential Hypothesis Testing |
| Added | 29 Oct 2010 |
| Updated | 29 Oct 2010 |
| Type | Conference |
| Year | 2007 |
| Where | DIMVA |
| Authors | Jaeyeon Jung, Rodolfo A. Milito, Vern Paxson |
Comments (0)
Researcher Info
|
