Real-time Detection of Known and Unknown Worms
Abstract
Worms are a major threat to the security and reliability of today's networks. Because they can spread rapidly from computer to computer, to effectively contain them we need automated methods to very quickly identify and filter new worms before they grow into a massive epidemic. In this paper we propose such an automated approach based on identifying in real time the traffic characteristics common to all worms: highly repetitive packet content, going from an increasing number of infected hosts to very many random IP addresses of potential new victims. Our preliminary results on a small network show that our automated approach of identifying new worms is promising: it identified three confirmed worms with an encouragingly low percentage of false positives when configured with good parameters.
Pre-2018 CSE ID: CS2003-0745
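The following is an added example, not code from the paper: a minimal sketch of the idea in the abstract, flagging content that repeats often, comes from several distinct sources, and goes to many distinct destinations. The thresholds, the class and function names, the payload hashing, and the sample traffic are assumptions constructed for illustration; the growth in infected hosts is approximated here by a distinct-source count.

```python
import hashlib
from collections import defaultdict

# Assumed thresholds (not from the paper); tune them per network.
MIN_REPEATS, MIN_SOURCES, MIN_DESTS = 5, 3, 5


class WormContentDetector:
    """Tracks, per content fingerprint, repetition and address dispersion."""

    def __init__(self):
        self.count = defaultdict(int)    # times each content was seen
        self.sources = defaultdict(set)  # distinct senders per content
        self.dests = defaultdict(set)    # distinct receivers per content
        self.alerted = set()

    def observe(self, src, dst, payload):
        """Record one packet; return the content key on first alert, else None."""
        key = hashlib.sha256(payload).hexdigest()[:16]
        self.count[key] += 1
        self.sources[key].add(src)
        self.dests[key].add(dst)
        suspicious = (self.count[key] >= MIN_REPEATS
                      and len(self.sources[key]) >= MIN_SOURCES
                      and len(self.dests[key]) >= MIN_DESTS)
        if suspicious and key not in self.alerted:
            self.alerted.add(key)
            return key
        return None


def run_constructed_trace():
    """Constructed traffic: a popular server response vs. a spreading payload."""
    det = WormContentDetector()
    alerts = []
    # Benign: one server repeats the same content to many clients.
    # Repetitive and widely dispersed, but only a single source.
    for i in range(20):
        alerts.append(det.observe("10.0.0.1", f"10.0.1.{i}", b"200 OK index"))
    # Worm-like: the sender set grows while targets keep changing.
    for i in range(12):
        src = f"10.0.2.{i // 3}"  # a new sender appears every 3 packets
        alerts.append(det.observe(src, f"192.0.2.{i}", b"constructed-worm-body"))
    return [a for a in alerts if a], det


if __name__ == "__main__":
    flagged, _ = run_constructed_trace()
    print("flagged content keys:", flagged)
```

Requiring all three conditions together is what keeps the popular single-server response from being flagged, which is the false-positive case the repetition test alone would hit.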