Intrusion attempts due to self-propagating code are becoming an increasingly urgent problem, in part due to the homogeneous makeup of the internet. Recent advances in anomaly-based intrusion detection systems (IDSs) have made use of the quickly spreading nature of these attacks to identify them with high sensitivity and at low false positive (FP) rates.… (More)
We present a method for detecting large-scale worm attacks using only end-host detectors. These detectors propagate and aggregate alerts to cooperating partners to detect large-scale distributed attacks in progress. The properties of the host-based detectors may in fact be relatively poor in isolation but when taken collectively result in a high-quality… (More)
Traditionally, user traffic profiling is performed by analyzing traffic traces collected on behalf of the user at aggregation points located in the middle of the network. However, the modern enterprise network has a highly mobile population that frequently moves in and out of its physical perimeter. Thus an in-the-network monitor is unlikely to capture full… (More)
We describe a method to detect botnet command and control traffic and individual end-hosts. We introduce the notion of " destination traffic atoms " which aggregate the destinations and services that are communicated with. We then compute the " persistence " , which is a measure of temporal regularity and that we propose in this paper, for individual… (More)
As integrated services have become available to the desktop, users have embraced new modes of interaction, such as multimedia conferencing and collaborative computing. In this paper, we provide a survey of past and present research that has influenced this application area, and describe research directions for the future.
" Push " technologies to large receiver sets often do not scale due to large amounts of data replication and limited network bandwidth. Even with improvements from multicast communication, scaling challenges persist. Diverse receiver capabilities still result in a high degree of resends. To combat this drawback, we combine multicast with Forward Error… (More)
MMCC, the multimedia conference control program, is a window−based tool for connection management. It serves as an application interface to a wide−area network packet teleconferencing system, in which it is used not only to orchestrate multisite conferences, but also to provide local and remote audio and video control, and to interact with other… (More)