| | |
Summary: On the Effectiveness of Distributed Worm Monitoring
Moheeb Abu Rajab Fabian Monrose Andreas Terzis
Computer Science Department
Johns Hopkins University
{moheeb,fabian,terzis}@cs.jhu.edu
Abstract
Distributed monitoring of unused portions of the IP
address space holds the promise of providing early and
accurate detection of high-profile security events, espe-
cially Internet worms. While this observation has been
accepted for some time now, a systematic analysis of the
requirements for building an effective distributed mon-
itoring infrastructure is still missing. In this paper, we
attempt to quantify the benefits of distributed monitor-
ing and evaluate the practicality of this approach. To do
so we developed a new worm propagation model that re-
laxes earlier assumptions regarding the uniformity of the
underlying vulnerable population. This model allows us
to evaluate how the size of the monitored address space,
as well the number and locations of monitors, impact
|
