Abstract
One problem with the virus throttling algorithm, an early worm detection technique that reduces the speed of worm spread, is that it is too sensitive to burstiness in the number of connection requests. The algorithm proposed in this paper reduces this sensitivity and false alarms by using a weighted average queue length that smooths sudden traffic changes. Based on the observation that normal connection requests passing through a network have strong locality in destination IP addresses, the proposed algorithm counts the number of connection requests with different destinations, in contrast to the simple length of the delay queue used in the typical throttling algorithm. This queue length measuring strategy also helps reduce worm detection time and false alarms.
This research was supported by research funds from National Research Lab program, Korea, and Chosun University, 2005.
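The following sketch is an added example, not code from the paper: it runs a simplified throttle and compares the raw delay-queue length with a weighted average of the number of distinct queued destinations. The working-set size, threshold, weight, the averaging formula, the rule that releasing one request also releases queued requests to the same destination, and the sample traffic are all assumptions made for illustration.

```python
from collections import OrderedDict, deque

# Constructed sample traffic: one list of destination IPs per timer tick.
BENIGN = [[], [], ["10.0.0.1", "10.0.0.2"] * 15, [], [], []]             # burst to 2 servers
WORM = [[f"192.0.2.{5 * t + k}" for k in range(5)] for t in range(10)]   # 5 new hosts per tick

class Throttle:
    """Simplified throttle tracking two detection metrics (assumed parameters)."""
    def __init__(self, working_set=5, threshold=10, weight=0.2):
        self.recent = OrderedDict()   # working set of recently contacted destinations (LRU)
        self.queue = deque()          # delay queue of held connection requests
        self.n, self.threshold, self.w = working_set, threshold, weight
        self.avg = 0.0                # weighted average of distinct queued destinations

    def request(self, dst):
        if dst in self.recent:
            self.recent.move_to_end(dst)   # known destination: passes immediately
        else:
            self.queue.append(dst)         # new destination: held in the delay queue

    def tick(self):
        """One timer period: release one destination, then evaluate both metrics."""
        if self.queue:
            dst = self.queue.popleft()
            self.queue = deque(d for d in self.queue if d != dst)  # same-dst requests go too
            self.recent[dst] = True
            if len(self.recent) > self.n:
                self.recent.popitem(last=False)                    # evict least recent
        distinct = len(set(self.queue))
        self.avg = (1 - self.w) * self.avg + self.w * distinct     # smooths sudden changes
        return len(self.queue) > self.threshold, self.avg > self.threshold

def alarms(traffic, **kw):
    """Return (raw_length_alarmed, smoothed_distinct_alarmed) over the whole trace."""
    t, raw_hit, avg_hit = Throttle(**kw), False, False
    for burst in traffic:
        for dst in burst:
            t.request(dst)
        raw, smooth = t.tick()
        raw_hit, avg_hit = raw_hit or raw, avg_hit or smooth
    return raw_hit, avg_hit
```

On the constructed traces, the benign burst to two servers trips only the raw queue-length check, while the scanning trace trips both.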
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kim, J., Shim, J., Jung, G., Choi, K. (2005). Reducing Worm Detection Time and False Alarm in Virus Throttling. In: Hao, Y., et al. Computational Intelligence and Security. CIS 2005. Lecture Notes in Computer Science, vol 3802. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11596981_44
DOI: https://doi.org/10.1007/11596981_44
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-30819-5
Online ISBN: 978-3-540-31598-8
eBook Packages: Computer Science (R0)