The detection of RCS worm epidemics
Source: Workshop on Rapid Malcode
Proceedings of the 2005 ACM workshop on Rapid malcode
Fairfax, VA, USA
SESSION: Session 4
Pages: 81 - 86
Year of Publication: 2005
ISBN: 1-59593-229-1
Authors
Kurt Rohloff  BBN Technologies, Cambridge, MA
Tamer Başar  University of Illinois at Urbana-Champaign, Urbana, IL
Sponsors
ACM: Association for Computing Machinery
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 0,   Downloads (12 Months): 19,   Citation Count: 2
DOI: http://doi.acm.org/10.1145/1103626.1103642

ABSTRACT

This paper discusses the problem of automatically detecting the existence of Random Constant Scanning (RCS) worm epidemics on the Internet by observing packet traffic in a local network. The propagation of the RCS worm is modelled as a simple epidemic. An optimal hypothesis-testing approach is presented to detect simple epidemics under idealized conditions based on the cumulative sums of log-likelihood ratios. It is shown that there are limitations on the ability of this optimal method to detect several important subclasses of RCS worm epidemics even under idealized conditions.

