Home

About

Advanced Search

Browse by Discipline

Scientific Societies

E-print Alerts

Add E-prints

E-print Network
FAQHELPSITE MAPCONTACT US


  Advanced Search  

 
Worm Evolution Tracking via Timing Analysis Moheeb Abu Rajab Fabian Monrose Andreas Terzis
 

Summary: Worm Evolution Tracking via Timing Analysis
Moheeb Abu Rajab Fabian Monrose Andreas Terzis
Computer Science Department
Johns Hopkins University
{moheeb,fabian,terzis}@cs.jhu.edu
ABSTRACT
We present a technique to infer a worm's infection sequence from
traffic traces collected at a network telescope. We analyze the fi-
delity of the infection evolution as inferred by our technique, and
explore its effectiveness under varying constraints including the
scanning rate of the worm, the size of the vulnerable population,
and the size of the telescope itself. Moreover, we provide guidance
regarding the point at which our method's accuracy diminishes be-
yond practical value. As we show empirically, this point is reached
well after a few hundred initial infected hosts (possibly including
"patient zero") has been reliably identified with more than 80% ac-
curacy. We generalize our mechanism by exploiting the change in
the pattern of inter-arrival times exhibited during the early stages
of such an outbreak to detect the presence and approximate size of
the hit-list. Our mechanism is resilient to varying parameters like

  

Source: Amir, Yair - Department of Computer Science, Johns Hopkins University
Keromytis, Angelos D. - Department of Computer Science, Columbia University

 

Collections: Computer Technologies and Information Sciences