A distributed detection of hit-list worms

Nobutaka Kawaguchi; Hiroshi Shigeno; Kenichi Okada

doi:10.1109/ICC.2008.303

A distributed detection of hit-list worms

Nobutaka Kawaguchi, Hiroshi Shigeno, Kenichi Okada

Department of Information and Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Citation (Scopus)

Abstract

In this paper, we propose d-ACTM/VT, a network based worm detection method that effectively detects hit-list worms. To detect a kind of hit-list worms named Silent worms in a distributed manner, d-ACTM was proposed. d-ACTM detects the existence of worms by detecting tree structures composed of infection connections as edges. Some undetected infection connections, however, can divide the tree structures into small trees and degrade the detection performance. d-ACTM/VT addresses this problem by aggregating the divided trees as a tree named Virtual AC tree in a distributed manner and utilizes it for detection. Simulation result shows d-ACTM/VT reduces the number of infected hosts by 20% compared to d-ACTM.

Original language	English
Title of host publication	ICC 2008 - IEEE International Conference on Communications, Proceedings
Pages	1566-1572
Number of pages	7
DOIs	https://doi.org/10.1109/ICC.2008.303
Publication status	Published - 2008 Sept 12
Event	IEEE International Conference on Communications, ICC 2008 - Beijing, China Duration: 2008 May 19 → 2008 May 23

Publication series

Name	IEEE International Conference on Communications
ISSN (Print)	0536-1486

Other

Other	IEEE International Conference on Communications, ICC 2008
Country/Territory	China
City	Beijing
Period	08/5/19 → 08/5/23

ASJC Scopus subject areas

Computer Networks and Communications
Electrical and Electronic Engineering

Access to Document

10.1109/ICC.2008.303

Cite this

@inproceedings{8110ddd7c60a4919848c990a54ddf094,

title = "A distributed detection of hit-list worms",

abstract = "In this paper, we propose d-ACTM/VT, a network based worm detection method that effectively detects hit-list worms. To detect a kind of hit-list worms named Silent worms in a distributed manner, d-ACTM was proposed. d-ACTM detects the existence of worms by detecting tree structures composed of infection connections as edges. Some undetected infection connections, however, can divide the tree structures into small trees and degrade the detection performance. d-ACTM/VT addresses this problem by aggregating the divided trees as a tree named Virtual AC tree in a distributed manner and utilizes it for detection. Simulation result shows d-ACTM/VT reduces the number of infected hosts by 20% compared to d-ACTM.",

author = "Nobutaka Kawaguchi and Hiroshi Shigeno and Kenichi Okada",

year = "2008",

month = sep,

day = "12",

doi = "10.1109/ICC.2008.303",

language = "English",

isbn = "9781424420742",

series = "IEEE International Conference on Communications",

pages = "1566--1572",

booktitle = "ICC 2008 - IEEE International Conference on Communications, Proceedings",

note = "IEEE International Conference on Communications, ICC 2008 ; Conference date: 19-05-2008 Through 23-05-2008",

}

TY - GEN

T1 - A distributed detection of hit-list worms

AU - Kawaguchi, Nobutaka

AU - Shigeno, Hiroshi

AU - Okada, Kenichi

PY - 2008/9/12

Y1 - 2008/9/12

N2 - In this paper, we propose d-ACTM/VT, a network based worm detection method that effectively detects hit-list worms. To detect a kind of hit-list worms named Silent worms in a distributed manner, d-ACTM was proposed. d-ACTM detects the existence of worms by detecting tree structures composed of infection connections as edges. Some undetected infection connections, however, can divide the tree structures into small trees and degrade the detection performance. d-ACTM/VT addresses this problem by aggregating the divided trees as a tree named Virtual AC tree in a distributed manner and utilizes it for detection. Simulation result shows d-ACTM/VT reduces the number of infected hosts by 20% compared to d-ACTM.

AB - In this paper, we propose d-ACTM/VT, a network based worm detection method that effectively detects hit-list worms. To detect a kind of hit-list worms named Silent worms in a distributed manner, d-ACTM was proposed. d-ACTM detects the existence of worms by detecting tree structures composed of infection connections as edges. Some undetected infection connections, however, can divide the tree structures into small trees and degrade the detection performance. d-ACTM/VT addresses this problem by aggregating the divided trees as a tree named Virtual AC tree in a distributed manner and utilizes it for detection. Simulation result shows d-ACTM/VT reduces the number of infected hosts by 20% compared to d-ACTM.

UR - http://www.scopus.com/inward/record.url?scp=51249105542&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=51249105542&partnerID=8YFLogxK

U2 - 10.1109/ICC.2008.303

DO - 10.1109/ICC.2008.303

M3 - Conference contribution

AN - SCOPUS:51249105542

SN - 9781424420742

T3 - IEEE International Conference on Communications

SP - 1566

EP - 1572

BT - ICC 2008 - IEEE International Conference on Communications, Proceedings

T2 - IEEE International Conference on Communications, ICC 2008

Y2 - 19 May 2008 through 23 May 2008

ER -

A distributed detection of hit-list worms

Abstract

Publication series

Other

ASJC Scopus subject areas

Access to Document

Other files and links

Cite this