Early Bird: Catching worms while sysadmins sleep
Not to be confused with the Earlybird project from Savage et al.; someone else is using the metaphor.
This honours thesis demonstrates the need for an automated, anomaly-based Internet worm detection system that is effective at identifying Internet worm packets with a low false-positive rate.
The theory of general Discrete Symbol Hidden Markov Models and the theory of the equivalent on-line models are discussed, and the general structure of Hidden Markov Models is related to the problem of identifying Internet worm packets in a sequence of normal network packets.
The effectiveness of various on-line Hidden Markov Model configurations in detecting Sapphire Internet worm packets in a sequence of normal UDP packets is evaluated, demonstrating that Hidden Markov Models can be successfully used as the basis of an automated, anomaly-based Internet worm detection system.
Source: Early Bird: Catching worms while sysadmins sleep, Andrew Hill.
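To make the idea in the abstract concrete, here is an added example (not code from the thesis or its author) of on-line forward filtering with a discrete-symbol Hidden Markov Model, scoring each UDP packet by how surprising it is given the packets seen so far. The symbol alphabet, the model parameters, the threshold and the packet trace are all constructed assumptions; a real system would estimate the model from captured normal traffic.

```python
import math

# Constructed alphabet (an assumption, not the thesis's encoding): one discrete
# symbol per UDP packet, derived from destination port class and size class.
SYMBOLS = ["dns_small", "dns_large", "ntp_small", "other_small", "other_large"]

# Constructed two-state model standing in for one trained on normal traffic.
PI = [0.5, 0.5]                             # initial state distribution
A = [[0.9, 0.1], [0.2, 0.8]]                # state transition probabilities
B = [[0.70, 0.25, 0.02, 0.02, 0.01],        # state 0: DNS-heavy traffic
     [0.20, 0.02, 0.50, 0.27, 0.01]]        # state 1: mixed background traffic


def symbolize(dst_port, length):
    """Map a UDP packet (destination port, length in bytes) to a symbol index."""
    size = "small" if length < 300 else "large"
    if dst_port == 53:
        cls = "dns"
    elif dst_port == 123 and size == "small":
        cls = "ntp"
    else:
        cls = "other"
    return SYMBOLS.index(f"{cls}_{size}")


def score_stream(packets, threshold=4.0):
    """On-line forward filtering: return (surprises, flagged packet indices).

    surprise_t = -ln P(o_t | o_1..o_{t-1}); packets above threshold are flagged.
    """
    belief, surprises, flagged = None, [], []
    for t, (port, length) in enumerate(packets):
        o = symbolize(port, length)
        # Predict the hidden state before seeing the packet.
        prior = PI if belief is None else [
            sum(belief[i] * A[i][j] for i in range(2)) for j in range(2)]
        joint = [prior[j] * B[j][o] for j in range(2)]
        p_obs = sum(joint)                  # predictive probability of the packet
        surprises.append(-math.log(p_obs))
        if surprises[-1] > threshold:
            flagged.append(t)
        belief = [x / p_obs for x in joint]  # normalised filtered state estimate
    return surprises, flagged


# Constructed trace: normal DNS/NTP traffic with one Sapphire-like packet
# (UDP destination port 1434, 404 bytes) at index 5.
TRACE = [(53, 80), (53, 120), (53, 450), (123, 76), (123, 76),
         (1434, 404), (53, 90), (5000, 200)]
```

Calling `score_stream(TRACE)` flags only the packet at index 5. The two NTP packets at indices 3 and 4 carry the same symbol but score differently, because the filtered hidden state changes what the model expects next.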
February 21, 2005 in papers