
On the Adaptive Real-Time Detection of Fast-Propagating Network Worms

dc.date.accessioned: 2006-11-13T18:32:38Z
dc.date.accessioned: 2018-11-24T10:25:12Z
dc.date.available: 2006-11-13T18:32:38Z
dc.date.available: 2018-11-24T10:25:12Z
dc.date.issued: 2006-11-10
dc.identifier.uri: http://hdl.handle.net/1721.1/34875
dc.identifier.uri: http://repository.aust.edu.ng/xmlui/handle/1721.1/34875
dc.description.abstract: We present two light-weight worm detection algorithms that offer significant advantages over fixed-threshold methods. The first algorithm, RBS (rate-based sequential hypothesis testing), aims at the large class of worms that attempts to quickly propagate, thus exhibiting abnormal levels of the rate at which hosts initiate connections to new destinations. The foundation of RBS derives from the theory of sequential hypothesis testing, the use of which for detecting randomly scanning hosts was first introduced by our previous work with the TRW (Threshold Random Walk) scan detection algorithm. The sequential hypothesis testing methodology enables engineering the detectors to meet false positives and false negatives targets, rather than triggering when fixed thresholds are crossed. In this sense, the detectors that we introduce are truly adaptive. We then introduce RBS+TRW, an algorithm that combines fan-out rate (RBS) and probability of failure (TRW) of connections to new destinations. RBS+TRW provides a unified framework that at one end acts as a pure RBS and at the other end as pure TRW, and extends RBS's power in detecting worms that scan randomly selected IP addresses.
dc.format.extent: 17 p.
dc.format.extent: 400578 bytes
dc.format.extent: 1658364 bytes
dc.language.iso: en_US
dc.title: On the Adaptive Real-Time Detection of Fast-Propagating Network Worms


Files in this item

Files                        Size       Format
MIT-CSAIL-TR-2006-074.pdf    400.5Kb    application/pdf
MIT-CSAIL-TR-2006-074.ps     1.658Mb    application/postscript
