2007 | OriginalPaper | Chapter
SWorD – A Simple Worm Detection Scheme
Authors: Matthew Dunlop, Carrie Gates, Cynthia Wong, Chenxi Wang
Published in: On the Move to Meaningful Internet Systems 2007: CoopIS, DOA, ODBASE, GADA, and IS
Publisher: Springer Berlin Heidelberg
Detection of fast-spreading Internet worms is a problem for which no adequate defenses exist. In this paper we present a Simple Worm Detection scheme (SWorD). SWorD is designed as a statistical detection method for detecting and automatically filtering fast-spreading TCP-based worms. SWorD is a simple two-tier counting algorithm designed to be deployed on the network edge. The first-tier is a lightweight traffic filter while the second-tier is more selective and rarely invoked. We present results using network traces from both a small and large network to demonstrate SWorD’s performance. Our results show that SWorD accurately detects over 75% of all infected hosts within six seconds, making it an attractive solution for the worm detection problem.