Computer Laboratory Home Page Search A-Z Directory Help
University of Cambridge Home Computer Laboratory
27th May 2004
Computer Laboratory > Research > Systems Research Group > NetOS > Seminars > 27th May 2004

Analysis and Detection of Internet Worms

Don Towsley
In recent years, fast spreading worms have become major threats to the security of the Internet. In order to defend against future worms, it is important to understand how they propagate and how different scanning strategies affect their propagation. In this talk, we analyze worm propagation behavior under various scanning strategies, such as idealized scan, uniform scan, divide-and-conquer scan, local preference scan, sequential scan,etc. We also address the problem of worm detection. Based on the premise that one should look for the exponential growth trend, we develop Kalman filters to detect the propagation of a worm at an early stage. Last, we address some of the issues that arise in applying this technique to different scanning strategies.
Joint work with W. Gong, C.Zou