The propagation speed of fast scanning worms and the stealthy nature of slow scanning worms present unique challenges to intrusion detection. Typically, techniques optimized for detection of fast scanning worms fail to detect slow scanning worms, and vice versa. In practice, there is interest in developing an integrated approach to detecting both classes of worms. In this paper, we propose and analyze a unique integrated detection approach capable of detecting and identifying traffic flow(s) responsible for simultaneous fast and slow scanning malicious worm attacks. The approach uses a combination of evidence from distributed host-based anomaly detectors, a self-adapting profiler and Bayesian inference from network heuristics to detect intr...
Abstract — In this paper, we propose a simple algorithm for detecting scanning worms with high detec...
In recent years, fast spreading worms, such as Code Red, Slammer, Blaster and Sasser, have become on...
This paper examines the general behaviour of stealthy worms. In particular, we focus on worms that a...
Detection of slow worms is particularly challenging due to the stealthy nature of their propagation ...
Since the days of the Morris worm, the spread of malicious code has been the most imminent menace to...
After many Internet-scale worm incidents in recent years, it is clear that a simple self-propagating...
In recent years, fast spreading worms have become one of the major threats to the security of the In...
Abstract — After many Internet-scale worm incidents in recent years, it is clear that a simple self-...
We present two light-weight worm detection algorithms that offer significant advantages over fixed-t...
Abstract: Problem statement: A worm is a malicious piece of code that self-propagates, often via net...
After many Internet-scale worm incidents in recent years, it is clear that a simple self-propagating...
After several Internet-scale worm incidents in recent years, it is clear that a simple self-propagat...
Abstract — In this paper, we address issues related to the modeling, analysis, and countermeasures o...
Worm detection and response systems must act quickly to identify and quarantine scanning worms, as w...
Finding the cause for congested virtual private network (VPN) links that connect an office network o...