Design and Evaluation of a Fast and Robust Worm Detection Algorithm

Bu, Tian; Chen, A.; Wiel, Scott Vander; Woo, Tai-Kuo

doi:10.1109/infocom.2006.100

Cited by 20 publications

(18 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Bu et al suggested a worm detection scheme [17] based on the extraction of the alteration of arrival unsolicited scan rates in the early stage of worm propagation. Their work suggested a novel signal indicating the outbreak of an Internet worm, but this approach suffers from the problem of too many potential sources for false positive rate.…”

Section: Related Workmentioning

confidence: 99%

Toward worm detection in online social networks

Zhang

Zhu

2010

Proceedings of the 26th Annual Computer Security Applications Conference

View full text Add to dashboard Cite

Worms propagating in online social networking (OSN) websites have become a major security threat to both the websites and their users in recent years. Since these worms exhibit unique propagation vectors, existing Internet worm detection mechanisms cannot be applied to them. In this work, we propose an early warning OSN worms detection system, which leverages both the propagation characteristics of these worms and the topological properties of online social networks. Our system can effectively monitor the entire social graph by keeping only a small number of user accounts under surveillance. Moreover, the system applies a two-level correlation scheme to reduce the noise from normal user communications such that infected user accounts can be identified with a higher accuracy. Our evaluation on the real social graph data obtained from Flickr indicates that by monitoring five hundreds users out of 1.8 million users, the proposed detection system can detect the burst of an OSN worm when less than 0.13% of total user accounts are infected. Besides, by adopting simple countermeasures, the detection system is also shown to be very helpful for worm containment.

show abstract

Section: Related Workmentioning

confidence: 99%

Toward worm detection in online social networks

Zhang

Zhu

2010

Proceedings of the 26th Annual Computer Security Applications Conference

View full text Add to dashboard Cite

show abstract

“…Internet worm tomography, however, cannot be translated into the linear inverse problem due to the complexity of epidemic spreading, and therefore presents new challenges. Several statistical detection and estimation techniques have been applied to Internet worm tomography, such as maximum likelihood estimation (39), Kalman filter estimation (48), and change-point detection (2). Figure 6 further illustrates an example of Internet worm tomography on estimating when a host gets infected, i.e., the host infection time, from our previous work (39).…”

Section: Destination Detection and Defensesmentioning

confidence: 99%

Internet Epidemics: Attacks, Detection and Defenses, and Trends

Chen¹,

Chen²

2011

Intrusion Detection Systems

View full text Add to dashboard Cite

“…For example, in modern high speed networks, data traffic in the form of packets can arrive at the network link in the speed of gigabits per second, creating a massive data stream. A sequence of packets between the same pair of source and destination hosts and their application protocols form a flow, and the number of distinct network flows is an important monitoring metric for network health (for example, the early stage of worm attack often results a significant increase in the number of network flows as infected machines randomly scan others, see Bu et al (2006)). As another example, it is often useful to monitor connectivity patterns among network hosts and count the number of distinct peers that each host is communicating with over time (Karasaridis et al, 2007), in order to analyze the presence of peer-to-peer networks that are used for file sharing (e.g.…”

Section: Introductionmentioning

confidence: 99%

Distinct Counting With a Self-Learning Bitmap

Chen

Cao

Shepp

et al. 2011

Journal of the American Statistical Association

View full text Add to dashboard Cite

Counting the number of distinct elements (cardinality) in a dataset is a fundamental problem in database management. In recent years, due to many of its modern applications, there has been significant interest to address the distinct counting problem in a data stream setting, where each incoming data can be seen only once and cannot be stored for long periods of time. and memory resources. However, the performances of these methods are not scale-invariant, in the sense that their relative root mean square estimation errors (RRMSE) depend on the unknown cardinalities. This is not desirable in many applications where cardinalities can be very dynamic or inhomogeneous and many cardinalities need to be estimated. In this paper, we develop a novel approach, called self-learning bitmap (S-bitmap) that is scale-invariant for cardinalities in a specified range. S-bitmap uses a binary vector whose entries are updated from 0 to 1 by an adaptive sampling process for inferring the unknown cardinality, where the sampling rates are reduced sequentially as more and more entries change from 0 to 1. We prove rigorously that the Sbitmap estimate is not only unbiased but scale-invariant. We demonstrate that to achieve a small RRMSE value of ǫ or less, our approach requires significantly less memory and consumes similar or less operations than state-of-theart methods for many common practice cardinality scales. Both simulation and experimental studies are reported.

show abstract

Design and Evaluation of a Fast and Robust Worm Detection Algorithm

Cited by 20 publications

References 10 publications

Toward worm detection in online social networks

Toward worm detection in online social networks

Internet Epidemics: Attacks, Detection and Defenses, and Trends

Distinct Counting With a Self-Learning Bitmap

Contact Info

Product

Resources

About