• DocumentCode
    467556
  • Title

    A Real-Time Worm Outbreak Detection System Using Shared Counters

  • Author

    Faezipour, Miad ; Nourani, Mehrdad ; Panigrahy, Rina

  • Author_Institution
    Univ. of Texas at Dallas, Richardson
  • fYear
    2007
  • fDate
    22-24 Aug. 2007
  • Firstpage
    65
  • Lastpage
    72
  • Abstract
    New networking applications such as Network Intrusion Detection Systems (NIDS) require finding the frequently repeated strings in a packet stream for further investigation. The strategy of finding frequently repeated strings within a given time frame of the packet stream has been quite efficient at detecting polymorphic worms. A novel real-time worm outbreak detection system using two-phase hashing is proposed in this paper. We use the concept of shared counters to minimize the memory cost while efficiently sifting through suspicious strings. We have simulated our system for various settings and packet stream sizes. Our system can support line speeds at gigabit rates with negligible false positives and negatives.
  • Keywords
    counting circuits; invasive software; telecommunication security; finding frequently repeated strings; network intrusion detection systems; packet stream; polymorphic worms; real-time worm outbreak detection system; shared counters; Application specific integrated circuits; Costs; Counting circuits; Cryptography; Humans; Integrated circuit interconnections; Internet; Intrusion detection; Real time systems; Telecommunication traffic; Network intrusion detection system; false negative; false positive; hashing; polymorphic worm; repeated; shared counters; strings; worm outbreak
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    High-Performance Interconnects, 2007. HOTI 2007. 15th Annual IEEE Symposium on
  • Conference_Location
    Stanford, CA
  • ISSN
    1550-4794
  • Print_ISBN
    978-0-7695-2979-0
  • Type

    conf

  • DOI
    10.1109/HOTI.2007.2
  • Filename
    4296809