  Monitoring and early warning for internet worms (2003) [94 citations — 12 self]

by Cliff Changchun Zou, Lixin Gao, Weibo Gong, Don Towsley
http://tennis.ecs.umass.edu/~czou/research/monitoringEarlyWarning.pdf

Abstract:

in January 2003, it is clear that a simple self-propagating worm can quickly spread across the Internet, infecting most vulnerable computers before people can take effective countermeasures. The fast-spreading nature of worms calls for a worm monitoring and early warning system. In this paper, we propose effective algorithms for early detection of the presence of a worm and the corresponding monitoring system. Based on an epidemic model and observation data from the monitoring system, and using the idea of "detecting the trend, not the rate" of monitored illegitimate scan traffic, we propose to use a Kalman filter to detect a worm's propagation at its early stage in real time. In addition, we can effectively predict the overall vulnerable population size and correct the bias in the observed number of infected hosts. Our simulation experiments for Code Red and SQL Slammer show that with observation data from a small fraction of IP addresses, we can detect the presence of a worm when it has infected only 1% to 2% of the vulnerable computers on the Internet.
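The "detect the trend, not the rate" idea from the abstract, worked through as an added example (this is not code from the paper or its authors). A constructed discrete-time SI epidemic with Code Red-like parameters feeds a monitor that sees one /8 of the IPv4 space; a scalar Kalman filter (for a constant state it reduces to recursive least squares) estimates the growth factor 1+alpha of the early-stage model z_t = (1+alpha) z_{t-1} on the monitored scan counts, and an alarm is raised only when that estimate settles at a positive value. A flat background at the same absolute rate produces no alarm, which is the point of tracking the trend rather than the volume. The vulnerable population (360,000), per-host scan rate (358/min), monitor size, background rate, stability window and tolerance are all assumptions of this example, as is the premise that the background rate is known from a pre-worm baseline; the vulnerable-population estimate and bias correction mentioned in the abstract are not reproduced here.

```python
"""Added example: trend-based early worm detection with a scalar Kalman
filter on monitored scan counts.  All parameters below are assumptions of
this example, not figures taken from the paper."""
import math
import random

N_VULN = 360_000        # assumed vulnerable population
ETA = 358               # assumed scans/min sent by each infected host
MONITOR_FRAC = 1 / 256  # monitor watches one /8 of the 2^32 IPv4 space
BACKGROUND = 20.0       # assumed non-worm scans/min seen by the monitor


def poisson(rng, mean):
    """Poisson sample; a normal approximation is used for large means."""
    if mean > 50:
        return max(0, int(round(rng.gauss(mean, math.sqrt(mean)))))
    limit, k, p = math.exp(-mean), 0, 1.0
    while True:
        p *= rng.random()
        if p <= limit:
            return k
        k += 1


def simulate_observations(minutes, infected0=10, seed=1):
    """Discrete-time SI epidemic I_{t+1} = I_t + alpha*I_t*(1 - I_t/N).
    Returns (true infected count per minute, scans/min seen by the monitor);
    the monitored counts are constructed sample data."""
    rng = random.Random(seed)
    alpha = ETA * N_VULN / 2 ** 32   # pairwise infection rate per minute (~0.03)
    infected, truth, observed = float(infected0), [], []
    for _ in range(minutes):
        truth.append(infected)
        mean = BACKGROUND + ETA * infected * MONITOR_FRAC
        observed.append(poisson(rng, mean))
        infected += alpha * infected * (1 - infected / N_VULN)
    return truth, observed


def simulate_background(minutes, seed=2):
    """Monitor traffic with no worm: the same baseline rate and no trend."""
    rng = random.Random(seed)
    return [poisson(rng, BACKGROUND) for _ in range(minutes)]


def detect_worm(observed, background, window=15, tol=0.003, alpha_min=0.005):
    """Kalman-filter the constant beta = 1 + alpha in z_t = beta * z_{t-1},
    where z is the monitored count minus the (assumed known) baseline.
    Alarm once the alpha estimate is above alpha_min and has moved by less
    than `tol` for `window` consecutive updates.
    Returns (alarm minute or None, list of alpha estimates)."""
    beta, var = 1.0, 100.0     # state estimate and its variance (R = 1)
    estimates, stable, prev = [], 0, None
    for t, count in enumerate(observed):
        z = count - background
        if prev is not None and prev > 0:
            h = prev                            # measurement matrix is z_{t-1}
            gain = var * h / (1.0 + h * h * var)
            beta += gain * (z - beta * h)       # innovation update
            var *= 1.0 - gain * h
            estimates.append(beta - 1.0)
            if (len(estimates) > 1 and estimates[-1] > alpha_min
                    and abs(estimates[-1] - estimates[-2]) < tol):
                stable += 1
                if stable >= window:
                    return t, estimates
            else:
                stable = 0
        prev = z
    return None, estimates


if __name__ == "__main__":
    truth, observed = simulate_observations(400)
    alarm, est = detect_worm(observed, BACKGROUND)
    print("alarm at minute %s, %.2f%% of vulnerable hosts infected, alpha ~ %.4f"
          % (alarm, 100 * truth[alarm] / N_VULN, est[-1]))
    print("background only, alarm:", detect_worm(simulate_background(400), BACKGROUND)[0])
```

The stability rule is what makes the detector trend-based: an absolute threshold on scans per minute would have to be set above the background and would fire on any flat burst, whereas the filter only alarms when successive observations keep confirming the same positive growth factor. In the worm run the estimate settles near the true alpha of about 0.03 while the infected fraction is still around one percent; in the background-only run the ratio of successive samples has no structure, the estimate never stays above alpha_min, and no alarm is raised.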

Citations

337 Optimal Filtering – Anderson, Moore - 1979
314 How to Own the Internet in Your Spare Time – Staniford, Paxson, et al. - 2002
167 Internet quarantine: Requirements for containing self-propagating code – Moore, Shannon, et al. - 2003
144 Code-Red: a case study on the spread and victims of an Internet worm – Moore, Shannon, et al. - 2002
121 Code red worm propagation modeling and analysis – Zou, Gong, et al. - 2002
93 Modeling the spread of active worms – Chen, Gao, et al. - 2003
78 Directed-graph Epidemiological Models of Computer Viruses – Kephart, White - 1991
46 A Tour of the Worm – Seeley - 1989
44 Measuring and modeling computer virus prevalence – Kephart, R - 1993
38 Epidemic Modelling: An Introduction – Daley, Gani - 1999
37 Network telescopes: Observing small or distant security events – Moore - 2002
29 Computers and epidemiology – Kephart, Chess, et al. - 1993
18 Using sensor networks and data fusion for early detection of active worms – Berk, Gray, et al. - 2000
10 Dynamic Graphs of the Nimda worm – CAIDA. http://www.caida.org/dynamic/analysis/security/nimda
5 Know Your Enemy: Honeynets – Honeynet Project - 2001. http://project.honeynet.org/papers/honeynet
4 .ida "Code Red" Worm – eEye Digital Security - 2001
4 The cost of Code Red: $1.2 billion – USA Today News
3 Computer worm grounds flights, blocks ATMs – News