Detecting Worm Propagation Using Traffic Concentration Analysis and Inductive Learning
Another paper on techniques useful for wide area, de novo worm detection.

As a vast number of services have been flooding into the Internet, it is more likely for the Internet resources to be exposed to various hacking activities such as Code Red and SQL Slammer worm. Since various worms quickly spread over the Internet using self-propagation mechanism, it is crucial to detect worm propagation and protect them for secure network infrastructure. In this paper, we propose a mechanism to detect worm propagation using the computation of entropy of network traffic and the compilation of network traffic. In experiments, we tested our framework in simulated network settings and could successfully detect worm propagation.

Source: Detecting Worm Propagation Using Traffic Concentration Analysis and Inductive Learning, Sanguk Noh, Cheolho Lee, Keywon Ryu, Kyunghee Choi, and Gihyun Jung.
September 8, 2005 in detection, papers
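An added illustration of the entropy idea the abstract mentions; it is not code from the paper or from this post. The abstract gives no detail, so the choice of features (destination address and destination port per time window), the thresholds, and the sample flows are all assumptions, and the paper's inductive-learning stage is left out.

```python
import math
from collections import Counter

def shannon_entropy(values):
    """Shannon entropy, in bits, of the empirical distribution of `values`."""
    counts = Counter(values)
    total = sum(counts.values())
    return -sum((c / total) * math.log2(c / total) for c in counts.values())

def normalized_entropy(values):
    """Entropy scaled to [0, 1]; 1.0 means every observation is distinct."""
    if len(values) < 2:
        return 0.0  # an empty or single-flow window carries no distribution
    return shannon_entropy(values) / math.log2(len(values))

def score_window(flows):
    """Return (dst_ip_entropy, dst_port_entropy) for (src, dst_ip, dst_port) flows."""
    return (normalized_entropy([f[1] for f in flows]),
            normalized_entropy([f[2] for f in flows]))

def is_worm_like(flows, ip_high=0.8, port_low=0.2):
    """Flag a window whose destinations disperse while ports concentrate.
    Both thresholds are assumed values, not taken from the paper."""
    ip_h, port_h = score_window(flows)
    return ip_h > ip_high and port_h < port_low

# Constructed sample data: 40 flows from 8 clients to 3 servers on 4 ports.
SERVICES = [("10.0.0.10", 80), ("10.0.0.11", 25),
            ("10.0.0.12", 53), ("10.0.0.10", 443)]
NORMAL = [(f"192.168.1.{i % 8 + 1}", *SERVICES[i % 4]) for i in range(40)]
# Constructed: the same background plus one host probing 200 addresses on
# port 1434, the port used by the SQL Slammer worm named in the abstract.
SCAN = [("192.168.1.5", f"172.16.0.{i + 1}", 1434) for i in range(200)]
WORM = NORMAL + SCAN

if __name__ == "__main__":
    for name, window in (("normal", NORMAL), ("worm", WORM)):
        ip_h, port_h = score_window(window)
        print(f"{name}: ip={ip_h:.3f} port={port_h:.3f} "
              f"flagged={is_worm_like(window)}")
```

In a live deployment the thresholds would be calibrated against a baseline of the monitored network's own traffic rather than fixed in advance.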