This paper proposes a technique to improve the performance of virus throttling algorithm, a worm virus early detection technique. The proposed modified throttling algorithm may speed up detecting worm spread and lower the possibility of false alarm to burst innocent connection requests. Based on an observation that normal connection requests passing through a network has a strong locality in destination IP addresses, the proposed algorithm counts the number of connection requests with different destinations, in contrast to simple length of delay queue as in the typical throttling algorithm. Moreover, the proposed algorithm utilizes the trend value of weighted average queue length for reducing worm detection time. The performance is empirically verified in various aspects. © Springer-Verlag Berlin Heidelberg 2006.
CITATION STYLE
Kim, J., Shim, J., Jung, G., & Choi, K. (2006). Tackling worm detection speed and false alarm in virus throttling. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 3903 LNCS, pp. 67–77). Springer Verlag. https://doi.org/10.1007/11689522_7
Mendeley helps you to discover research relevant for your work.