Title :
FDF: Frequency Detection-Based Filtering of Scanning Worms
Author :
Kim, Byungseung ; Bahk, Saewoong ; Kim, Hyogon
Author_Institution :
School of Electrical Engineering and Computer Science, INMC, Seoul National University, Seoul, Korea. Email: kbs@netlab.snu.ac.kr
Abstract :
In this paper, we propose a simple algorithm for detecting scanning worms with high detection rate and low false positive rate. The novelty of our algorithm is inspecting the frequency characteristic of scanning worms from a monitored network. Its low complexity allows it to be used on any network-based intrusion detection system as a real time detection module for high-speed networks. Our algorithm need not be adjusted to network status because its parameters depend on application types, which are generally and widely used in any networks such as web and P2P services. By using real traces, we evaluate the performance of our algorithm and compare it with that of SNORT. The results confirm that our algorithm outperforms SNORT with respect to detection rate and false positive rate.
Keywords :
Computer science; Computer worms; Detection algorithms; Filtering; Frequency; Intrusion detection; Knowledge based systems; Monitoring; Telecommunication traffic; Web and internet services;
Conference_Titel :
Communications, 2006. ICC '06. IEEE International Conference on
Conference_Location :
Istanbul
Print_ISBN :
1-4244-0355-3
Electronic_ISBN :
8164-9547
DOI :
10.1109/ICC.2006.255084
