• DocumentCode
    437572
  • Title

    Detecting randomly scanning worms based on heavy-tailed property

  • Author

    Chen, Yufeng ; Dong, Yabo ; Lu, Dongming ; Pan, Yunhe ; Xiang, Zhengtao

  • Author_Institution
    Coll. of Comput. Sci. & Technol., Zhejiang Univ., Hangzhou, China
  • fYear
    2005
  • fDate
    19-22 March 2005
  • Firstpage
    354
  • Lastpage
    358
  • Abstract
    A worm detection system must detect worms efficiently and effectively. Current detection methods are mainly based on the low successful connection rate of worms. However, they may neglect worms if the worms deliberately insert successful connections. Because the size, in packets or bytes, of normal TCP connections is heavy-tailed, we present a detection method that combines the detection criteria of failed connections and the heavy-tailed distribution of connection size for a given local host. It is more difficult for worms to evade. The method can decrease false negative and false positive rates. The experiments show that our method can detect scanning worms with high efficiency and effectiveness.
  • Keywords
    Internet; intranets; security of data; telecommunication traffic; transport protocols; TCP connections; heavy-tailed distribution; transport control protocols; worm detection system; Computer science; Computer worms; Educational institutions; FCC; IP networks; Internet; Intrusion detection; Remote monitoring; TCPIP; World Wide Web;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Networking, Sensing and Control, 2005. Proceedings. 2005 IEEE
  • Print_ISBN
    0-7803-8812-7
  • Type

    conf

  • DOI
    10.1109/ICNSC.2005.1461215
  • Filename
    1461215