Sciweavers

ACSAC
2004
IEEE

Worm Detection, Early Warning and Response Based on Local Victim Information

14 years 4 months ago
Worm Detection, Early Warning and Response Based on Local Victim Information
Worm detection systems have traditionally focused on global strategies. In the absence of a global worm detection system, we examine the effectiveness of local worm detection and response strategies. This paper makes three contributions: (1) We propose a simple two-phase local worm victim detection algorithm, DSC (Destination-Source Correlation), based on worm behavior in terms of both infection pattern and scanning pattern. DSC can detect zero-day scanning worms with a high detection rate and very low false positive rate. (2) We demonstrate the effectiveness of early worm warning based on local victim information. For example, warning occurs with 0.19% infection of all vulnerable hosts on Internet when using a /12 monitored network. (3) Based on local victim information, we investigate and evaluate the effectiveness of an automatic real-time local response in terms of slowing down the global Internet worms propagation. (2) and (3) are general results, not specific to certain detectio...
Guofei Gu, Monirul I. Sharif, Xinzhou Qin, David D
Added 20 Aug 2010
Updated 20 Aug 2010
Type Conference
Year 2004
Where ACSAC
Authors Guofei Gu, Monirul I. Sharif, Xinzhou Qin, David Dagon, Wenke Lee, George F. Riley
Comments (0)