DocumentCode :
2564675
Title :
d-ACTM: Distributed Anomaly Connection Tree Method to detect Silent Worms
Author :
Kawaguchi, Nobutaka ; Shigeno, Hiroshi ; Okada, Ken-ichi
Author_Institution :
Fac. of Sci. & Technol., Keio Univ., Kanagawa
fYear :
2007
fDate :
11-13 April 2007
Firstpage :
510
Lastpage :
517
Abstract :
This paper proposes a distributed network-based worm detection method, d-ACTM, to detect a kind of hit-list worm named Silent worm. The worm propagation behavior in the network is expressed as a tree-like structure composed of the infected hosts and the infection connections. d-ACTM detects the existence of worms by detecting the tree structures composed of anomaly connections in a distributed manner. The simulation result shows that d-ACTM can detect Silent worms before 7% of all vulnerable hosts are infected under the condition where the infection interval is equal to the normal connection interval.
Keywords :
computer networks; invasive software; telecommunication security; tree data structures; Silent worm detection; d-ACTM; distributed anomaly connection tree method; distributed network based worm detection method; hit-list worm; tree-like structure; worm propagation behavior; Computer networks; Computer worms; Detectors; Monitoring; Tree data structures;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Performance, Computing, and Communications Conference, 2007. IPCCC 2007. IEEE Internationa
Conference_Location :
New Orleans, LA
ISSN :
1097-2641
Print_ISBN :
1-4244-1138-6
Electronic_ISBN :
1097-2641
Type :
conf
DOI :
10.1109/PCCC.2007.358934
Filename :
4197970