Analysis and Detection of Internet Worms
In recent years, fast spreading worms have become major threats to the
security of the Internet. In order to defend against future worms, it is
important to understand how they propagate and how different scanning
strategies affect their propagation. In this talk, we analyze worm
propagation behavior under various scanning strategies, such as
idealized scan, uniform scan, divide-and-conquer scan, local preference scan,
sequential scan,etc. We also address the problem of worm detection.
Based on the premise that one should look for the exponential growth trend, we develop Kalman filters to detect the propagation of a worm at an early
stage. Last, we address some of the issues that arise in applying this technique to different scanning strategies.
Joint work with W. Gong, C.Zou