Analysis and Detection of Internet Worms

Thursday, January 15, 2004 - 1:30pm - 2:20pm
Keller 3-180
Donald Towsley (University of Massachusetts)
In recent years, fast spreading worms have become major threats to the security of the Internet. In order to defend against future worms, it is important to understand how they propagate and how different scanning strategies affect their propagation. In this talk, we analyze worm propagation behavior under various scanning strategies, such as idealized scan, uniform scan, divide-and-conquer scan, local preference scan, sequential scan,etc. We also address the problem of worm detection. Based on the premise that one should look for the exponential growth trend, we develop Kalman filters to detect the propagation of a worm at an early stage. Last, we address some of the issues that arise in applying this technique to different scanning strategies.

This is a joint work with W. Gong and C. Zou.