Is early warning of an imminent worm epidemic possible?

Hyundo Park; Hyogon Kim; Heejo Lee

doi:10.1109/MNET.2009.5274917

Is early warning of an imminent worm epidemic possible?

Hyundo Park, Hyogon Kim, Heejo Lee

Research output: Contribution to journal › Article › peer-review

3 Citations (Scopus)

Abstract

This article introduces a novel anomaly detection method that makes use of only matrix operations and is highly sensitive to randomness in traffic. The sensitivity can be leveraged to detect attacks that exude randomness in traffic characteristics, such as denial-of-service attacks and worms. In particular, we show that the method can be used to alert of the imminent onset of a worm epidemic in a statistically sound manner, irrespective of the worm's scanning strategies.

Original language	English
Pages (from-to)	14-20
Number of pages	7
Journal	IEEE Network
Volume	23
Issue number	5
DOIs	https://doi.org/10.1109/MNET.2009.5274917
Publication status	Published - 2009

Keywords

Data mining
Filtering
Grippers
IP networks
Internet
Layout
Monitoring

ASJC Scopus subject areas

Software
Information Systems
Hardware and Architecture
Computer Networks and Communications

Access to Document

10.1109/MNET.2009.5274917

Cite this

@article{ca6fb647764a44939890cc9f7a2a8067,

title = "Is early warning of an imminent worm epidemic possible?",

abstract = "This article introduces a novel anomaly detection method that makes use of only matrix operations and is highly sensitive to randomness in traffic. The sensitivity can be leveraged to detect attacks that exude randomness in traffic characteristics, such as denial-of-service attacks and worms. In particular, we show that the method can be used to alert of the imminent onset of a worm epidemic in a statistically sound manner, irrespective of the worm's scanning strategies.",

keywords = "Data mining, Filtering, Grippers, IP networks, Internet, Layout, Monitoring",

author = "Hyundo Park and Hyogon Kim and Heejo Lee",

note = "Funding Information: This work was supported in part by the ITRC program of the Korea Ministry of Knowledge Economy (MKE), the IT R&D program of MKE/IITA(2009-S-026-01), the Defense Acquisition Program Administration and Agency for Defense Development, and the Korea Research Foundation Grant 2009-0080413.",

year = "2009",

doi = "10.1109/MNET.2009.5274917",

language = "English",

volume = "23",

pages = "14--20",

journal = "IEEE Network",

issn = "0890-8044",