Threshold smart walk for the containment of local worm outbreak

LLi, PLiu, G. Kesidis

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

A worm-infected host scanning globally may not cause any new infection in its underlying local network before it is detected and quarantined by a worm detector using methods such as failed scan detection. But for a stealthier worm limiting its scan inside an enterprise network, the chance of a successful local outbreak increases substantively due to the more limited scan space. Though a number of worm scanner detection methods exist including failed scan detection, honeypot, and dark port detection, a coordinated and cost-conscious defense against a local outbreak entails an accurate estimate of worm virulence level. In this regard, we develop a maximum likelihood estimation algorithm to progressively estimate the size of susceptible host population in the network so an appropriate containment threshold can be set to effectively stop the worm propagation while causing minimum service disruption to normal network users.

Original languageEnglish (US)
Title of host publication2008 IEEE Global Telecommunications Conference, GLOBECOM 2008
Pages2124-2128
Number of pages5
DOIs
StatePublished - 2008
Event2008 IEEE Global Telecommunications Conference, GLOBECOM 2008 - New Orleans, LA, United States
Duration: Nov 30 2008Dec 4 2008

Publication series

NameGLOBECOM - IEEE Global Telecommunications Conference

Other

Other2008 IEEE Global Telecommunications Conference, GLOBECOM 2008
Country/TerritoryUnited States
CityNew Orleans, LA
Period11/30/0812/4/08

All Science Journal Classification (ASJC) codes

  • Electrical and Electronic Engineering

Fingerprint

Dive into the research topics of 'Threshold smart walk for the containment of local worm outbreak'. Together they form a unique fingerprint.

Cite this