A survey of internet worm detection and containment

Li, Pele; Salour, M. M.; Su, Xiao

doi:10.1109/comst.2008.4483668

Cited by 109 publications

(71 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In the detection phase, a score is computed by counting the number of datagram bytes that fall outside the range defined for each byte. These mechanisms have limitations such as computational complexity [17], management overhead [18], high rates of false positives [13] and incur significant delays in deployment and detection [15].…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Early containment of fast network worm malware

Ahmad

Woodhead

Gan

2016

2016 3rd National Foundation for Science and Technology Development Conference on Information and Computer Science (NICS)

View full text Add to dashboard Cite

Abstract-This paper presents a countermeasure mechanism for the propagation of fast network worm malware. The mechanism uses a cross layer architecture with a detection technique at the network layer to identify worm infection and a data-link containment solution to block an identified infected host. A software prototype of the mechanism has been used to demonstrate its effective. An empirical analysis of network worm propagation has been conducted to test the mechanism. The results show that the developed mechanism is effective in containing self-propagating malware with almost no false positives.

show abstract

Section: Related Workmentioning

confidence: 99%

“…The QPD module ensures that quiescent periods in network activity do not disappear because of constant worm scanning. These techniques consume resources in order to keep track of distinct connection and host information, especially in large networks [13], and they can only slow worm infections [2].…”

Section: Related Workmentioning

confidence: 99%

Early containment of fast network worm malware

Ahmad

Woodhead

Gan

2016

2016 3rd National Foundation for Science and Technology Development Conference on Information and Computer Science (NICS)

View full text Add to dashboard Cite

show abstract

“…A work by Li, Salour, and Su surveys behavior and content-based worm detectors [32] and covers many of the works referenced here. They do not measure the performance of detectors, however, limiting their study to describing and classifying them instead.…”

Section: Related Workmentioning

confidence: 99%

Behavior-Based Worm Detectors Compared

Stafford¹,

Zhang²

2010

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Many worm detectors have been proposed and are being deployed, but the literature does not clearly indicate which one is the best. New worms such as IKEE.B (also known as the iPhone worm) continue to present new challenges to worm detection, further raising the question of how effective our worm defenses are. In this paper, we identify six behavior-based worm detection algorithms as being potentially capable of detecting worms such as IKEE.B, and then measure their performance across a variety of environments and worm scanning behaviors, using common parameters and metrics. We show that the underlying network trace used to evaluate worm detectors significantly impacts their measured performance. An environment containing substantial gaming and file sharing traffic can cause the detectors to perform poorly. No single detector stands out as suitable for all situations. For instance, connection failure monitoring is the most effective algorithm in many environments, but it fails badly at detecting topologically aware worms.

show abstract

“…To detect malicious traffic it require to understand normal traffic behavior, which in turn require efficient training which in real time scenario is much difficult to achieve, as the behavior of legitimate activities are largely unpredictable. Though this method is found to be effective in detecting unknown worms [4], it generates high false alarm.…”

Section: Introductionmentioning

confidence: 99%

“…Research on worm defense may be broadly classified into two categories: Detection and Containment. Further Detection algorithm can be classified into two categories; Anomaly based detection and Signature based detection [4,10].…”

Section: Introductionmentioning

confidence: 99%