Signature metrics for accurate and automated worm detection

Abstract

This paper presents two simple algorithms, T<sc>ree</sc>C<sc>ount</sc> and S<sc>ender</sc>C<sc>ount</sc> that detect a broad range of exploit-based and email worms, respectively. These algorithms, when combined with automated payload fingerprinting, generate precise worm payload signatures. We show that fundamental traffic properties of most worms, such as… (More)
DOI: 10.1145/1179542.1179557

Topics

4 Figures and Tables

Slides referencing similar topics