Reconstruction of Worm Propagation Path by Causality

Author

Shi, Wei ; Li, Qiang ; Kang, Jian ; Guo, Dong

Author_Institution

Coll. of Comput. Sci. & Technol., JiLin Univ., Changchun, China

fYear

2009

fDate

9-11 July 2009

Firstpage

129

Lastpage

132

Abstract

Fast and accurate online tracing of network worm during its propagation is essential for worm containment and reducing the loss. Though worm is randomly spread, there exists implicit causality between adjacent infected nodes. Using this causality can help to enhance the performance of worm tracing algorithm. Bayesian Network can be a very good probability description of the current results and prior conditions. Based on the analysis of causality, we present an improved online tracing algorithm -- Bayesian Network Correlation Algorithm to acquire worm propagation path, and analyze and verify its accuracy and performance through simulation experiments. Experiment result indicates that the detection accuracy of Bayesian Network Correlation Algorithm has risen by 10% compared to our previous work, this improved algorithm is more suitable for online detection.

Keywords

belief networks; invasive software; Bayesian network correlation; implicit causality; network worm; online tracing algorithm; worm containment; worm propagation path reconstruction; worm tracing algorithm; Algorithm design and analysis; Analytical models; Bayesian methods; Computer architecture; Computer science; Computer worms; Educational institutions; Performance analysis; Probability; Telecommunication traffic; Bayesian Network; Correlation; Propagation Path; Worm;

fLanguage

English

Publisher

ieee

Conference_Titel

Networking, Architecture, and Storage, 2009. NAS 2009. IEEE International Conference on

Conference_Location

Hunan

Print_ISBN

978-0-7695-3741-2

Type

conf

DOI

10.1109/NAS.2009.25

Filename

5197309