Title :
How to hook worms [computer network security]
Author :
Riordan, James ; Wespi, Andreas ; Zamboni, Diego
Author_Institution :
IBM Zurich Res. Lab., Switzerland
fDate :
5/1/2005 12:00:00 AM
Abstract :
This paper discusses the use of intrusion detection systems to protect against the threats that worms, viruses and other forms of attack pose to computer systems. Intrusion detection systems attempt to detect things that are wrong in a computer network or system. The main problems of these systems, however, are the many false alarms they produce, their lack of resistance to both malicious attacks and accidental failures, and the constant appearance of new attacks and vulnerabilities. IBM Zurich Research Laboratory has developed a system that specifically targets worms rather than trying to prevent all breaches of computer security. Called Billy Goat, the specialized worm detection system runs on a dedicated machine connected to the network and detects worm-infected machines anywhere in that network. Billy Goat has been proven effective at detecting worm-infected machines in a network. It is currently used in several large corporate intranets, and it is normally able to detect infected machines within seconds of their becoming infected. Furthermore, not only is it able to detect the presence of a worm in the network, it can even provide the addresses of the infected machines. This makes it considerably easier to remedy the problem.
Keywords :
Internet; invasive software; telecommunication security; Billy Goat intrusion-detection system; Internet worm; computer network; computer virus; distributed architecture; worm alarms; worm-infected machines; Computer networks; Computer security; Computer viruses; Computer worms; Face detection; Intrusion detection; Laboratories; Protection
Journal_Title :
Spectrum, IEEE
DOI :
10.1109/MSPEC.2005.1426967