
Please use this identifier to cite or link to this item: http://hdl.handle.net/1721.1/34875

Title: On the Adaptive Real-Time Detection of Fast-Propagating Network Worms
Authors: Jung, Jaeyeon; Milito, Rodolfo A.; Paxson, Vern
Advisor: Hari Balakrishnan
Other contributors: Networks & Mobile Systems
Issue Date: 10-Nov-2006
Series/Report no.: Massachusetts Institute of Technology Computer Science and Artificial Intelligence Laboratory
Abstract: We present two light-weight worm detection algorithms that offer significant advantages over fixed-threshold methods. The first algorithm, RBS (rate-based sequential hypothesis testing) aims at the large class of worms that attempts to quickly propagate, thus exhibiting abnormal levels of the rate at which hosts initiate connections to new destinations. The foundation of RBS derives from the theory of sequential hypothesis testing, the use of which for detecting randomly scanning hosts was first introduced by our previous work with the TRW (Threshold Random Walk) scan detection algorithm. The sequential hypothesis testing methodology enables engineering the detectors to meet false positives and false negatives targets, rather than triggering when fixed thresholds are crossed. In this sense, the detectors that we introduce are truly adaptive. We then introduce RBS+TRW, an algorithm that combines fan-out rate (RBS) and probability of failure (TRW) of connections to new destinations. RBS+TRW provides a unified framework that at one end acts as a pure RBS and at the other end as pure TRW, and extends RBS's power in detecting worms that scan randomly selected IP addresses.
URI: http://hdl.handle.net/1721.1/34875
Appears in Collections: CSAIL Technical Reports (July 1, 2003 - present)

Files in This Item:

File                         Size     Format
MIT-CSAIL-TR-2006-074.pdf    391Kb    Adobe PDF
MIT-CSAIL-TR-2006-074.ps     1619Kb   PostScript


This item is protected by original copyright
