DocumentCode
467556
Title
A Real-Time Worm Outbreak Detection System Using Shared Counters
Author
Faezipour, Miad ; Nourani, Mehrdad ; Panigrahy, Rina
Author_Institution
Univ. of Texas at Dallas, Richardson
fYear
2007
fDate
22-24 Aug. 2007
Firstpage
65
Lastpage
72
Abstract
New networking applications such as Network Intrusion Detection Systems (NIDS) require finding the frequently repeated strings in a packet stream for further investigation. The strategy of finding frequently repeated strings within a given time frame of the packet stream has been quite efficient at detecting polymorphic worms. A novel real-time worm outbreak detection system using two-phase hashing is proposed in this paper. We use the concept of shared counters to minimize the memory cost while efficiently sifting through suspicious strings. We have simulated our system for various settings and packet stream sizes. Our system can support line speeds at gigabit rates with negligible false positives and negatives.
Keywords
counting circuits; invasive software; telecommunication security; finding frequently repeated strings; network intrusion detection systems; packet stream; polymorphic worms; real-time worm outbreak detection system; shared counters; Application specific integrated circuits; Costs; Counting circuits; Cryptography; Humans; Integrated circuit interconnections; Internet; Intrusion detection; Real time systems; Telecommunication traffic; Network intrusion detection system; false negative; false positive; hashing; polymorphic worm; repeated; shared counters; strings; worm outbreak
fLanguage
English
Publisher
ieee
Conference_Titel
High-Performance Interconnects, 2007. HOTI 2007. 15th Annual IEEE Symposium on
Conference_Location
Stanford, CA
ISSN
1550-4794
Print_ISBN
978-0-7695-2979-0
Type
conf
DOI
10.1109/HOTI.2007.2
Filename
4296809