Exploiting temporal consistency to reduce false positives in host-based, collaborative detection of worms

@inproceedings{Malan2006ExploitingTC,
  title={Exploiting temporal consistency to reduce false positives in host-based, collaborative detection of worms},
  author={D. Malan and M. Smith},
  booktitle={WORM '06},
  year={2006}
}
The speed of today's worms demands automated detection, but the risk of false positives poses a difficult problem. In prior work, we proposed a host-based intrusion-detection system for worms that leveraged collaboration among peers to lower its risk of false positives, and we simulated this approach for a system with two peers. In this paper, we build upon that work and evaluate our ideas "in the wild." We implement Wormboy 2.0, a prototype of our vision that allows us to quantify and…
13 Citations
A survey of internet worm detection and containment
An Anomaly Detection Fabric for Clouds Based on Collaborative VM Communities
Community Epidemic Detection Using Time-Correlated Anomalies
Non-Stationary Markov Models and Anomaly Propagation Analysis in IDS
Fine-grained tracking of Grid infections
Identifying the provenance of correlated anomalies
