A distributed host-based worm detection system

Abstract

We present a method for detecting large-scale worm attacks using only end-host detectors. These detectors propagate and aggregate alerts to cooperating partners to detect large-scale distributed attacks in progress. The properties of the host-based detectors may in fact be relatively poor in isolation but when taken collectively result in a high-quality distributed worm detector. We implement a cooperative alert sharing protocol coupled with distributed sequential hypothesis testing to generate global alarms about distributed attacks. We evaluate the system's response in the presence of a variety of false alarm conditions and in the presence of an Internet worm attack. Our evaluation is conducted with agents on the Emulab and DETER emulated testbeds using real operating systems and computing platforms. Copyright 2006 ACM.

Cite

Cheetancheri, S. G., Agosta, J. M., Dash, D. H., Levitt, K. N., Rowe, J., & Schooler, E. M. (2006). A distributed host-based worm detection system. In Proceedings of the 2006 SIGCOMM Workshop on Large-scale Attack Defense, LSAD’06 (Vol. 2006, pp. 107–113). https://doi.org/10.1145/1162666.1162668
