• DocumentCode
    459443
  • Title

    FDF: Frequency Detection-Based Filtering of Scanning Worms

  • Author

    Kim, Byungseung ; Bahk, Saewoong ; Kim, Hyogon

  • Author_Institution
    School of Electrical Engineering and Computer Science, INMC, Seoul National University, Seoul, Korea. Email: kbs@netlab.snu.ac.kr
  • Volume
    5
  • fYear
    2006
  • fDate
    38869
  • Firstpage
    2124
  • Lastpage
    2129
  • Abstract
    In this paper, we propose a simple algorithm for detecting scanning worms with high detection rate and low false positive rate. The novelty of our algorithm is inspecting the frequency characteristic of scanning worms from a monitored network. Its low complexity allows it to be used on any network-based intrusion detection system as a real time detection module for high-speed networks. Our algorithm need not be adjusted to network status because its parameters depend on application types, which are generally and widely used in any networks such as web and P2P services. By using real traces, we evaluate the performance of our algorithm and compare it with that of SNORT. The results confirm that our algorithm outperforms SNORT with respect to detection rate and false positive rate.
  • Keywords
    Computer science; Computer worms; Detection algorithms; Filtering; Frequency; Intrusion detection; Knowledge based systems; Monitoring; Telecommunication traffic; Web and internet services;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Communications, 2006. ICC '06. IEEE International Conference on
  • Conference_Location
    Istanbul
  • ISSN
    8164-9547
  • Print_ISBN
    1-4244-0355-3
  • Electronic_ISBN
    8164-9547
  • Type

    conf

  • DOI
    10.1109/ICC.2006.255084
  • Filename
    4024479
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=459443