Exploiting temporal consistency to reduce false positives in host-based, collaborative detection of worms

@inproceedings{Malan2006ExploitingTC,
  title={Exploiting temporal consistency to reduce false positives in host-based, collaborative detection of worms},
  author={David J. Malan and Michael D. Smith},
  booktitle={WORM '06},
  year={2006}
}
The speed of today's worms demands automated detection, but the risk of false positives poses a difficult problem. In prior work, we proposed a host-based intrusion-detection system for worms that leveraged collaboration among peers to lower its risk of false positives, and we simulated this approach for a system with two peers. In this paper, we build upon that work and evaluate our ideas "in the wild." We implement Wormboy 2.0, a prototype of our vision that allows us to quantify and…

Citations

Publications citing this paper.

Process Flow Features as a Host-Based Event Knowledge Representation

Identifying the provenance of correlated anomalies

Fine-grained tracking of Grid infections

Non-Stationary Markov Models and Anomaly Propagation Analysis in IDS

An Anomaly Detection Fabric for Clouds Based on Collaborative VM Communities

References

Publications referenced by this paper.

Detecting Unknown Massive Mailing Viruses Using Proactive Methods

Implementing and Testing a Virus Throttle

Windows NT/2000 Native API Reference

Intrusion Detection Using Sequences of System Calls
