Worm traffic analysis and characterization

Cited by: 24
Authors
Dainotti, Alberto [1]
Pescape, Antonio [1]
Ventre, Giorgio [1]
Affiliation
[1] Univ Naples Federico 2, Naples, Italy
Source
2007 IEEE INTERNATIONAL CONFERENCE ON COMMUNICATIONS, VOLS 1-14 | 2007
Keywords
DOI
10.1109/ICC.2007.241
Chinese Library Classification number
TM [Electrical Engineering]; TN [Electronics and Communication Technology];
Discipline classification code
0808 ; 0809 ;
Abstract
Internet worms are gaining ever more attention from the research community, representing one of the hot research topics in the field of network security. Our knowledge of phenomena related to Internet worms (from their intrinsic characteristics to their impact and to possible countermeasures) is still in its infancy. This is one of the main reasons for the existence of different kinds of research approaches. In this paper we focus on worm traffic analysis. We propose a general methodology, we discuss issues involved, and we present a software platform which can be used for this kind of study. Moreover, we show some interesting preliminary results from our traffic analysis of two of the most relevant worms that spread over the Internet: Witty and Slammer. Our results provide interesting evidence of (spatial and temporal) invariance and give some hints on worm traffic fingerprinting.
Pages: 1435-1442
Number of pages: 8