Reducing Worm Detection Time and False Alarm in Virus Throttling

  • Conference paper
Computational Intelligence and Security (CIS 2005)

Part of the book series: Lecture Notes in Computer Science (LNAI, volume 3802)

Abstract

One of the problems of the virus throttling algorithm, a worm early detection technique that reduces the speed of worm spread, is that it is too sensitive to burstiness in the number of connection requests. The algorithm proposed in this paper reduces this sensitivity and the false alarm rate by using a weighted average queue length that smooths sudden traffic changes. Based on the observation that normal connection requests passing through a network have strong locality in their destination IP addresses, the proposed algorithm counts the number of connection requests with different destinations, in contrast to the simple length of the delay queue used in the typical throttling algorithm. This queue length measuring strategy also helps reduce worm detection time and false alarms.
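The two measurements the abstract contrasts, raw delay-queue length versus a weighted average of the number of distinct queued destinations, can be compared on a small simulation. This is an added example, not code from the paper: the throttle is a simplified working-set-plus-delay-queue model, and the working-set size, weight `alpha`, threshold and both traces are assumptions made for the demonstration.

```python
from collections import deque

def simulate(ticks, ws_size=4, alpha=0.3):
    """Simplified throttle: one delayed destination is released per tick.
    Returns per-tick (raw_queue_len, distinct_dests, weighted_avg)."""
    working = deque(maxlen=ws_size)  # recently contacted destinations
    queue = deque()                  # delayed requests, by destination
    avg, history = 0.0, []
    for dests in ticks:
        # Requests to recently contacted hosts pass; the rest are delayed.
        queue.extend(d for d in dests if d not in working)
        if queue:
            head = queue.popleft()
            working.append(head)
            # Releasing a destination also releases its queued duplicates.
            queue = deque(d for d in queue if d != head)
        distinct = len(set(queue))
        avg = (1 - alpha) * avg + alpha * distinct  # weighted average
        history.append((len(queue), distinct, avg))
    return history

def first_alarm(history, column, threshold):
    """Index of the first tick whose metric exceeds threshold, else None."""
    for tick, row in enumerate(history):
        if row[column] > threshold:
            return tick
    return None

# Constructed traces (documentation address ranges, not real traffic).
# Benign: one burst of 20 requests to only two hosts, then quiet reuse.
BENIGN = [["192.0.2.5", "192.0.2.6"] * 10] + [["192.0.2.5"]] * 5
# Scan: three never-before-seen destinations on every tick.
SCAN = [[f"198.51.100.{3 * t + i}" for i in range(3)] for t in range(10)]

THRESHOLD = 5    # assumed value for this demo
RAW, AVG = 0, 2  # columns of the history tuples

if __name__ == "__main__":
    for name, trace in (("benign", BENIGN), ("scan", SCAN)):
        h = simulate(trace)
        print(name, "raw alarm:", first_alarm(h, RAW, THRESHOLD),
              "weighted distinct alarm:", first_alarm(h, AVG, THRESHOLD))
```

On these traces the benign burst trips the raw-length detector immediately but never the weighted distinct-destination metric, while the scan trips both. The threshold and weight are arbitrary, so the tick counts say nothing about the paper's measured detection times.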

This research was supported by research funds from National Research Lab program, Korea, and Chosun University, 2005.

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kim, J., Shim, J., Jung, G., Choi, K. (2005). Reducing Worm Detection Time and False Alarm in Virus Throttling. In: Hao, Y., et al. Computational Intelligence and Security. CIS 2005. Lecture Notes in Computer Science, vol 3802. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11596981_44

  • DOI: https://doi.org/10.1007/11596981_44

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-30819-5

  • Online ISBN: 978-3-540-31598-8

  • eBook Packages: Computer Science, Computer Science (R0)
