Title :
A Real-Time Worm Outbreak Detection System Using Shared Counters
Author :
Faezipour, Miad ; Nourani, Mehrdad ; Panigrahy, Rina
Author_Institution :
Univ. of Texas at Dallas, Richardson
Abstract :
New networking applications such as Network Intrusion Detection Systems (NIDS) require finding the frequently repeated strings in a packet stream for further investigation. The strategy of finding frequently repeated strings within a given time frame of the packet stream has been quite efficient to detect the polymorphic worms. A novel real-time worm outbreak detection system using two-phase hashing is proposed in this paper. We use the concept of shared counters to minimize the memory cost while efficiently sifting through suspicious strings. We have simulated our system for various settings and packet stream sizes. Our system can support line speed of gigabit-rates with negligible false positive and negative.
Keywords :
counting circuits; invasive software; telecommunication security; finding frequently repeated strings; network intrusion detection systems; packet stream; polymorphic worms; real-time worm outbreak detection system; shared counters; Application specific integrated circuits; Costs; Counting circuits; Cryptography; Humans; Integrated circuit interconnections; Internet; Intrusion detection; Real time systems; Telecommunication traffic; Network intrusion detection system; false negative; false positive; hashing; polymorphic worm; repeated; shared counters; strings; worm outbreak.;
Conference_Titel :
High-Performance Interconnects, 2007. HOTI 2007. 15th Annual IEEE Symposium on
Conference_Location :
Stanford, CA
Print_ISBN :
978-0-7695-2979-0
DOI :
10.1109/HOTI.2007.2
