
Tackling Worm Detection Speed and False Alarm in Virus Throttling

  • Conference paper
Information Security Practice and Experience (ISPEC 2006)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 3903)


Abstract

This paper proposes a technique to improve the performance of the virus throttling algorithm, an early detection technique for worm viruses. The proposed modified throttling algorithm can speed up detection of worm spread and lower the probability of a false alarm on bursts of innocent connection requests. Based on the observation that normal connection requests passing through a network show strong locality in their destination IP addresses, the proposed algorithm counts the number of connection requests with distinct destinations, instead of using the simple length of the delay queue as in the typical throttling algorithm. Moreover, the proposed algorithm uses the trend value of the weighted average queue length to reduce worm detection time. The performance is empirically verified in various aspects.
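As an added illustration (not code from the paper), the following Python model shows the two changes the abstract describes: the detector counts distinct destinations in the delay queue rather than its raw length, and it watches the trend of the weighted average to raise the alarm sooner. The working-set size, thresholds, EWMA weight, the one-destination-per-tick release and the traffic are assumed values constructed for the example.

```python
from collections import deque

class ModifiedThrottle:
    """Simplified model of the modified throttle in the abstract. Parameter values, the
    one-destination-per-tick release and the trend test are assumptions, not the paper's."""

    def __init__(self, working_set_size=4, distinct_threshold=10,
                 ewma_weight=0.3, trend_threshold=1.5):
        self.working_set = deque(maxlen=working_set_size)  # recently contacted hosts
        self.delay_queue = []      # destinations of held-back connection requests
        self.avg_len = 0.0         # weighted average of the distinct-destination count
        self.distinct_threshold = distinct_threshold
        self.ewma_weight = ewma_weight
        self.trend_threshold = trend_threshold

    def request(self, dst):
        """New connection request: pass if dst was contacted recently, else delay it."""
        if dst in self.working_set:
            return "allowed"
        self.delay_queue.append(dst)
        return "delayed"

    def tick(self):
        """Rate-limit step: release one destination, then test the two worm signals."""
        if self.delay_queue:
            dst = self.delay_queue[0]
            self.working_set.append(dst)
            # every queued request to the released host goes out with it
            self.delay_queue = [d for d in self.delay_queue if d != dst]
        distinct = len(set(self.delay_queue))  # not len(self.delay_queue): 50 requests
        prev = self.avg_len                    # to one server count as one destination
        self.avg_len = (1 - self.ewma_weight) * prev + self.ewma_weight * distinct
        trend = self.avg_len - prev            # how fast the average is rising
        alarm = distinct >= self.distinct_threshold or trend >= self.trend_threshold
        return {"distinct": distinct, "trend": round(trend, 3), "alarm": alarm}

def first_alarm_tick(batches, **kw):
    """Feed one batch of destinations per tick; return the tick of the first alarm or None."""
    throttle = ModifiedThrottle(**kw)
    for tick, batch in enumerate(batches, start=1):
        for dst in batch:
            throttle.request(dst)
        if throttle.tick()["alarm"]:
            return tick
    return None

# Constructed traffic: a legitimate burst to three servers vs. a slow worm scanning fresh addresses.
NORMAL_BURST = [["10.0.0.1", "10.0.0.2", "10.0.0.3"] * 4 for _ in range(6)]
WORM_SCAN = [[f"192.0.2.{t * 5 + i}" for i in range(5)] for t in range(6)]
```

The legitimate burst queues up to 16 requests yet never exceeds two distinct destinations, so it raises no alarm; the slow scan trips the trend test one tick before the distinct-count threshold alone would.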

This research was supported by research funds from National Research Lab program, Korea, and Chosun University, 2005.



Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kim, J., Shim, J., Jung, G., Choi, K. (2006). Tackling Worm Detection Speed and False Alarm in Virus Throttling. In: Chen, K., Deng, R., Lai, X., Zhou, J. (eds) Information Security Practice and Experience. ISPEC 2006. Lecture Notes in Computer Science, vol 3903. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11689522_7


  • DOI: https://doi.org/10.1007/11689522_7

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-33052-3

  • Online ISBN: 978-3-540-33058-5
