Title :
A novel approach to detecting worms based on particle filter
Author :
Guoyou, Li ; Lehai, Zhong ; Jun, Yang
Author_Institution :
Coll. of Comput. Sci., China West Normal Univ., Nanchong, China
Abstract :
This paper presents a novel approach to detecting worms based on a particle filter. The approach collects data through a honeynet and uses CUSUM to detect abnormal changes in the counts of packet source addresses in a t sampling. If the change rate exceeds a certain threshold, it activates the particle filter to estimate its growth rate in order to confirm the existence of worms. The experimental results show that the approach can detect unknown worms quickly and contain the large-scale spread of worms if it is combined with an intrusion detection system and a firewall.
Keywords :
Monte Carlo methods; computer networks; invasive software; particle filtering (numerical methods); sampling methods; stochastic processes; telecommunication security; CUSUM; Monte Carlo estimation; computer network; honeynet; packet count; particle filter; t sampling algorithm; worm detection; Computational complexity; Computer science; Computer worms; Computerized monitoring; Detection algorithms; Educational institutions; Intrusion detection; Large-scale systems; Particle filters; Sampling methods; CUSUM (Cumulative Sum); Poisson process; particle filter; worm;
Conference_Title :
Broadband Network & Multimedia Technology, 2009. IC-BNMT '09. 2nd IEEE International Conference on
Conference_Location :
Beijing
Print_ISBN :
978-1-4244-4590-5
Electronic_ISBN :
978-1-4244-4591-2
DOI :
10.1109/ICBNMT.2009.5348529