@inproceedings{3298ce0cf82340a3a72cb0c34e07c7a4,
title = "Anomaly detection for Internet worms",
abstract = "Internet worms have become a major threat to the Internet due to their ability to rapidly compromise large numbers of computers. In response to this threat, there is a growing demand for effective techniques to detect the presence of worms and to reduce the worms' spread. Furthermore, existing approaches for anomaly detection of new worms suffer from scalability problems. In this paper, we present an approach for detecting worms based on similar patterns of connection activity. We then investigate how to improve the computational efficiency of worm detection by presenting a Greedy algorithm, which minimizes the amount of traffic processing needed to detect worms, thus increasing the scalability of the system. Our evaluation shows that the Greedy algorithm not only achieved high detection accuracy and reduced the amount of processing time to detect worms, but also achieved reasonable worm traffic detection in the early stages of an outbreak.",
keywords = "Anomaly detection, Internet worms, Network intrusion detection, Security",
author = "Yousof Al-Hammadi and Christopher Leckie",
year = "2005",
doi = "10.1109/INM.2005.1440779",
language = "British English",
isbn = "0780390873",
series = "2005 9th IFIP/IEEE International Symposium on Integrated Network Management, IM 2005",
pages = "133--146",
booktitle = "2005 9th IFIP/IEEE International Symposium on Integrated Network Management, IM 2005",
note = "2005 9th IFIP/IEEE International Symposium on Integrated Network Management, IM 2005 ; Conference date: 15-05-2005 Through 19-05-2005",
}