Research Article
Simulation and Evaluation OF A New Algorithm of Worm Detection and Containment
@INPROCEEDINGS{10.1109/CHINACOM.2006.344796, author={Xiong Yang and Jing Lu and Yuguang Zhu and Ping Wang}, title={Simulation and Evaluation OF A New Algorithm of Worm Detection and Containment}, proceedings={1st International ICST Conference on Communications and Networking in China}, publisher={IEEE}, proceedings_a={CHINACOM}, year={2007}, month={4}, keywords={Worm Worm detection Worm Containment Algorithm}, doi={10.1109/CHINACOM.2006.344796} }- Xiong Yang
Jing Lu
Yuguang Zhu
Ping Wang
Year: 2007
Simulation and Evaluation OF A New Algorithm of Worm Detection and Containment
CHINACOM
IEEE
DOI: 10.1109/CHINACOM.2006.344796
Abstract
Internet worm attacks have become increasingly more frequent and have caused enormous damage to the Internet community during the past years. A new security service that monitors the ongoing worm activities on the Internet and restricts the worm spreading rate automatically will greatly contribute to the security management of modern enterprise networks. Based on the comparison and analysis of many worm detection and containment strategies, a new and effective algorithm of detecting and containing network worms is proposed in this paper. The principle of this effective algorithm is an improved two rotation process to detect and contain worms. The simulation result of the algorithm is demonstrated so effectively to detect and slow down the rapid scanning worm and "stealthy" worm whose propagation rate is slower than the former. In order to reduce the number of false positives, the impact of normal network activities is also concerned. Finally, the simulation also analyzes the performance of detecting worms of the algorithm under normal and congestive network background