d-ACTM: Distributed anomaly connection tree method to detect silent worms

Nobutaka Kawaguchi, Hiroshi Shigeno, Ken Ichi Okada

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

This paper proposes a distributed, network-based worm detection method, d-ACTM, to detect a kind of hit-list worm called the Silent worm. The worm's propagation behavior in the network is expressed as a tree-like structure composed of the infected hosts and the infection connections. d-ACTM detects the existence of worms by detecting, in a distributed manner, the tree structures composed of anomaly connections. The simulation result shows that d-ACTM can detect Silent worms before 7% of all vulnerable hosts are infected under the condition where the infection interval is equal to the normal connection interval.

Original language: English
Title of host publication: 27th IEEE International Performance Computing and Communications Conference, IPCCC 07
Pages: 510-517
Number of pages: 8
Publication status: Published - 2007 Nov 27
Event: 27th IEEE International Performance Computing and Communications Conference, IPCCC 07 - New Orleans, LA, United States
Duration: 2007 Apr 11 → 2007 Apr 13

Publication series

Name: Conference Proceedings of the IEEE International Performance, Computing, and Communications Conference

Other

Other: 27th IEEE International Performance Computing and Communications Conference, IPCCC 07
Country: United States
City: New Orleans, LA
Period: 07/4/11 → 07/4/13

ASJC Scopus subject areas

  • Engineering (all)

Cite this

Kawaguchi, N., Shigeno, H., & Okada, K. I. (2007). d-ACTM: Distributed anomaly connection tree method to detect silent worms. In 27th IEEE International Performance Computing and Communications Conference, IPCCC 07 (pp. 510-517). [4197970] (Conference Proceedings of the IEEE International Performance, Computing, and Communications Conference). https://doi.org/10.1109/PCCC.2007.358934