
DNS-based Detection of Scanning Worms in an Enterprise Network (2005)  (4 citations)
David Whyte, Evangelos Kranakis, P.C. van Oorschot. School of Computer Science...



View or download:
scs.carleton.ca/~p...NDSS05dnsids.pdf

From: scs.carleton.ca/~paulv/papers/

Abstract: Worms are arguably the most serious security threat facing the Internet. Seeking a detection technique that is both sufficiently efficient and accurate to enable automatic containment of worm propagation at the network egress points, we propose a new technique for the rapid detection of worm propagation from an enterprise network. It relies on the correlation of Domain Name System (DNS) queries with outgoing connections from an enterprise network. Improvements over existing scanning worm...

Cited by:
Appears in 8 - Th International Symposium
The Limits of Global Scanning Worm Detectors - In The Presence
Empirical Analysis of Rate Limiting Mechanisms - Wong, Bielski, al. (2005)

Active bibliography (related documents):
0.4:   Detecting Intra-enterprise Scanning Worms based on Address.. - David Whyte Paul
0.3:   Efficient Semantics-Aware Reconciliation for Optimistic .. - Preguica, Shapiro.. (2002)
0.3:   Infrastructure Support for Contextual Applications .. - Arregui..

Similar documents based on text:
0.4:   S-RIP: A Secure Distance Vector Routing Protocol - Tao Wan Evangelos
0.4:   Securing the Destination-Sequenced Distance Vector - Routing Protocol Dsdv
0.3:   Towards Secure Design Choices for Implementing Graphical.. - Julie Thorpe Van (2004)

Related documents from co-citation:
4:   Automated worm fingerprinting - Singh - 2004
4:   Fast portscan detection using sequential hypothesis testing - Jung, Paxson et al. - 2004
4:   Very fast containment of scanning worms (context) - Weaver, Staniford et al. - 2004

BibTeX entry:

D. Whyte, E. Kranakis, and P. C. van Oorschot. DNS-based detection of scanning worms in an enterprise network. In Proc. of the 12th Annual Network and Distributed System Security Symposium, Feb. 2005. http://citeseer.ist.psu.edu/731469.html

@misc{ whyte05dnsbased,
  author = "D. Whyte and E. Kranakis and P. van Oorschot",
  title = "DNS-based detection of scanning worms in an enterprise network",
  text = "D. Whyte, E. Kranakis, and P. C. van Oorschot. DNS-based detection of scanning
    worms in an enterprise network. In Proc. of the 12th Annual Network and
    Distributed System Security Symposium, Feb. 2005.",
  year = "2005",
  url = "citeseer.ist.psu.edu/731469.html" }

Documents on the same site (http://www.scs.carleton.ca/~paulv/papers/):
Authentication and Authenticated Key Exchanges - Diffie, van Oorschot, Wiener (1992)
Addressing Online Dictionary Attacks with Login.. - Stubblebine, van.. (2004)
Security Analysis of the Message Authenticator Algorithm.. - Preneel, Rijmen, van.. (1997)
