d-ACTM

Distributed anomaly connection tree method to detect silent worms

Nobutaka Kawaguchi, Hiroshi Shigeno, Ken Ichi Okada

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

This paper proposes a distributed network-based worm detection method, d-ACTM, to detect a kind of hit-list worm named Silent worm. The worm propagation behavior in the network is expressed as a tree-like structure composed of the infected hosts and the infection connections. d-ACTM detects the existence of worms by detecting the tree structures composed of anomaly connections in a distributed manner. The simulation result shows that d-ACTM can detect Silent worms before 7% of all vulnerable hosts are infected under the condition where the infection interval is equal to the normal connection interval.

Original language: English
Title of host publication: Conference Proceedings of the IEEE International Performance, Computing, and Communications Conference
Pages: 510-517
Number of pages: 8
DOI: https://doi.org/10.1109/PCCC.2007.358934
Publication status: Published - 2007
Event: 27th IEEE International Performance Computing and Communications Conference, IPCCC 07 - New Orleans, LA, United States
Duration: 2007 Apr 11 to 2007 Apr 13

Other

Other: 27th IEEE International Performance Computing and Communications Conference, IPCCC 07
Country: United States
City: New Orleans, LA
Period: 07/4/11 to 07/4/13

ASJC Scopus subject areas

  • Engineering(all)

Cite this

Kawaguchi, N., Shigeno, H., & Okada, K. I. (2007). d-ACTM: Distributed anomaly connection tree method to detect silent worms. In Conference Proceedings of the IEEE International Performance, Computing, and Communications Conference (pp. 510-517). [4197970] https://doi.org/10.1109/PCCC.2007.358934

@inproceedings{6c369fa11d784f18b86fcc99a5cae7eb,
title = "d-ACTM: Distributed anomaly connection tree method to detect silent worms",
abstract = "This paper proposes a distributed network-based worm detection method, d-ACTM, to detect a kind of hit-list worm named Silent worm. The worm propagation behavior in the network is expressed as a tree-like structure composed of the infected hosts and the infection connections. d-ACTM detects the existence of worms by detecting the tree structures composed of anomaly connections in a distributed manner. The simulation result shows that d-ACTM can detect Silent worms before 7{\%} of all vulnerable hosts are infected under the condition where the infection interval is equal to the normal connection interval.",
author = "Nobutaka Kawaguchi and Hiroshi Shigeno and Okada, {Ken Ichi}",
year = "2007",
doi = "10.1109/PCCC.2007.358934",
language = "English",
isbn = "1424411386",
pages = "510--517",
booktitle = "Conference Proceedings of the IEEE International Performance, Computing, and Communications Conference",

}

TY - GEN

T1 - d-ACTM

T2 - Distributed anomaly connection tree method to detect silent worms

AU - Kawaguchi, Nobutaka

AU - Shigeno, Hiroshi

AU - Okada, Ken Ichi

PY - 2007

Y1 - 2007

AB - This paper proposes a distributed network-based worm detection method, d-ACTM, to detect a kind of hit-list worm named Silent worm. The worm propagation behavior in the network is expressed as a tree-like structure composed of the infected hosts and the infection connections. d-ACTM detects the existence of worms by detecting the tree structures composed of anomaly connections in a distributed manner. The simulation result shows that d-ACTM can detect Silent worms before 7% of all vulnerable hosts are infected under the condition where the infection interval is equal to the normal connection interval.

UR - http://www.scopus.com/inward/record.url?scp=36349025769&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=36349025769&partnerID=8YFLogxK

U2 - 10.1109/PCCC.2007.358934

DO - 10.1109/PCCC.2007.358934

M3 - Conference contribution

SN - 1424411386

SN - 9781424411382

SP - 510

EP - 517

BT - Conference Proceedings of the IEEE International Performance, Computing, and Communications Conference

ER -