We present two light-weight worm detection algorithms that offer significant advantages over fixed-threshold methods. The first algorithm, RBS (ratebased sequential hypothesis testing), aims at the large class of worms that attempts to quickly propagate, thus exhibiting abnormal levels of the rate at which hosts initiate connections to new destinations. The foundation of RBS derives from the theory of sequential hypothesis testing, the use of which for detecting randomly scanning hosts was first introduced by our previous work developing TRW [6]. The sequential hypothesis testing methodology enables us to engineer detectors to meet specific targets for false-positive and false-negative rates, rather than triggering when fixed thresholds are...
Worm detection and response systems must act quickly to identify and quarantine scanning worms, as w...
An Internet worm replicates itself by automatically infecting vulnerable systems and may infect hund...
The speed of today’s worms demands automated detection, but the risk of false positives poses a diff...
We present two light-weight worm detection algorithms thatoffer significant advantages over fixed-th...
Worm detection systems have traditionally focused on global strategies. In the absence of a global w...
Abstract — After many Internet-scale worm incidents in recent years, it is clear that a simple self-...
After many Internet-scale worm incidents in recent years, it is clear that a simple self-propagating...
Worms are a major threat to the security and reliability of today's networks. Because they can sprea...
The propagation speed of fast scanning worms and the stealthy nature of slow scanning worms present ...
Morris worm showed the Internet community for the first time in 1988 that a worm could bring the Int...
In recent years, fast spreading worms have become one of the major threats to the security of the In...
Network worms are a major threat to the security of today's Internet-connected hosts and networks. T...
After many Internet-scale worm incidents in recent years, it is clear that a simple self-propagating...
Wormable system vulnerabilities continue to be identified and so fast spreading network worms contin...
Since the days of the Morris worm, the spread of malicious code has been the most imminent menace to...
Worm detection and response systems must act quickly to identify and quarantine scanning worms, as w...
An Internet worm replicates itself by automatically infecting vulnerable systems and may infect hund...
The speed of today’s worms demands automated detection, but the risk of false positives poses a diff...
We present two light-weight worm detection algorithms thatoffer significant advantages over fixed-th...
Worm detection systems have traditionally focused on global strategies. In the absence of a global w...
Abstract — After many Internet-scale worm incidents in recent years, it is clear that a simple self-...
After many Internet-scale worm incidents in recent years, it is clear that a simple self-propagating...
Worms are a major threat to the security and reliability of today's networks. Because they can sprea...
The propagation speed of fast scanning worms and the stealthy nature of slow scanning worms present ...
Morris worm showed the Internet community for the first time in 1988 that a worm could bring the Int...
In recent years, fast spreading worms have become one of the major threats to the security of the In...
Network worms are a major threat to the security of today's Internet-connected hosts and networks. T...
After many Internet-scale worm incidents in recent years, it is clear that a simple self-propagating...
Wormable system vulnerabilities continue to be identified and so fast spreading network worms contin...
Since the days of the Morris worm, the spread of malicious code has been the most imminent menace to...
Worm detection and response systems must act quickly to identify and quarantine scanning worms, as w...
An Internet worm replicates itself by automatically infecting vulnerable systems and may infect hund...
The speed of today’s worms demands automated detection, but the risk of false positives poses a diff...