
Detecting Intra-enterprise Scanning Worms based on Address Resolution
David Whyte, Paul C. van Oorschot, Evangelos Kranakis School of Computer...



View or download:
scs.carleton.ca/~p...SAC05arpworm.pdf

From:  scs.carleton.ca/~paulv/papers/

Abstract: Signature-based schemes for detecting Internet worms often fail on zero-day worms, and their ability to rapidly react to new threats is typically limited by the requirement of some form of human involvement to formulate updated attack signatures. We propose an anomaly-based detection technique detailing a method to detect propagation of scanning worms within individual network cells, thus protecting internal networks from infection by internal clients. Our software implementation indicates that ...

Active bibliography (related documents):
0.8:   Appears in 8 - Th International Symposium
0.8:   Empirical Analysis of Rate Limiting Mechanisms - Wong, Bielski, al. (2005)
0.5:   On the Design and Use of Internet Sinks for Network.. - Yegneswaran, Barford.. (2004)

Similar documents based on text:
0.6:   DNS-based Detection of Scanning Worms in an Enterprise Network - David Whyte Evangelos (2005)
0.2:   Compass Routing on Geometric Networks - Kranakis, Singh, Urrutia (1999)
0.2:   Leader Election and Sorting in Anonymous Asynchronous Rings - Flocchini, Kranakis, al.

BibTeX entry:

@misc{ paul-detecting,
  author = "David Whyte and Paul C. van Oorschot and Evangelos Kranakis",
  title = "Detecting Intra-enterprise Scanning Worms based on Address Resolution",
  url = "citeseer.ist.psu.edu/733901.html" }
Citations (may not include all citations):
140   Snort - lightweight intrusion detection for networks - Roesch - 1999
95   An Ethernet Address Resolution Protocol - Plummer - 1982
74   Internet quarantine: Requirements for containing self-propag.. - Moore, Shannon et al. - 2003
61   Throttling viruses: Restricting propagation to defeat malici.. - Williamson - 2002
30   Monitoring and early warning for Internet worms - Zou, Gao et al. - 2003
25   A taxonomy of computer worms - Weaver, Paxson et al. - 2003
23   Fast portscan detection using sequential hypothesis testing - Jung, Paxson et al. - 2004
23   Automated worm fingerprinting - Singh, Estan et al. - 2004
22   Very fast containment of scanning worms - Weaver, Staniford et al. - 2004
22   Inside the Slammer Worm - Moore, Paxson et al. - 2003
17   Remote OS detection via TCPIP stack fingerprinting - OS, TCP et al. - 1998
9   Fast Detection of Scanning Worm Infections - Schechter, Jung et al. - 2004
8   Self-securing network interfaces: What - Ganger, Economou et al. - 2002
7   An approach for detecting selfpropagating email using anomal.. - Gupta, Sekar - 2003
5   A behavioral approach to worm detection - Ellis, Aiken et al. - 2003
4   DNS-based detection of scanning worms in an enterprise netwo.. - Whyte, Kranakis et al. - 2005
2   Network Telescopes - Moore, Shannon et al. - 2004
1   Worm containment in the internal network - Defense - 2003
1   ARP cache poisoning prevention and detection - Manwani - 2003
1   Dynamic Host Resolution Protocol - Droms - 1997
http://www.forescout.com/
http://www.tcpdump.org
http://www.miragenetworks.com

Documents on the same site (http://www.scs.carleton.ca/~paulv/papers/):
Authentication and Authenticated Key Exchanges - Diffie, van Oorschot, Wiener (1992)
Addressing Online Dictionary Attacks with Login.. - Stubblebine, van.. (2004)
Security Analysis of the Message Authenticator Algorithm.. - Preneel, Rijmen, van.. (1997)


CiteSeer.IST - Copyright Penn State and NEC