Skip to main content
Conference Proceedings

Tackling worm detection speed and false alarm in virus throttling

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2006) 3903 LNCS 67-77
DOI: 10.1007/11689522_7
0Citations
Citations of this article
2Readers
Mendeley users who have this article in their library.
Get full text

Abstract

This paper proposes a technique to improve the performance of virus throttling algorithm, a worm virus early detection technique. The proposed modified throttling algorithm may speed up detecting worm spread and lower the possibility of false alarm to burst innocent connection requests. Based on an observation that normal connection requests passing through a network has a strong locality in destination IP addresses, the proposed algorithm counts the number of connection requests with different destinations, in contrast to simple length of delay queue as in the typical throttling algorithm. Moreover, the proposed algorithm utilizes the trend value of weighted average queue length for reducing worm detection time. The performance is empirically verified in various aspects. © Springer-Verlag Berlin Heidelberg 2006.

Cite

CITATION STYLE

APA

Kim, J., Shim, J., Jung, G., & Choi, K. (2006). Tackling worm detection speed and false alarm in virus throttling. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 3903 LNCS, pp. 67–77). Springer Verlag. https://doi.org/10.1007/11689522_7

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free