A NOVEL APPROACH TO DETECTING WORMS BASED ON PARTICLE FILTER
This paper presents a novel approach to detecting worms based on a particle filter. The approach collects data through a honeynet and uses CUSUM to detect abnormal changes in the count of packet source addresses within a sampling interval t. If the rate of change exceeds a certain threshold, the particle filter is activated to estimate the growth rate and so confirm the existence of a worm. The experimental results show that the approach can detect unknown worms quickly and, when combined with an intrusion detection system and firewall, contain the large-scale spread of worms.
worm; Poisson process; CUSUM (Cumulative Sum); particle filter
Li Guoyou, Zhong Lehai, Yang Jun
College of Computer Science, China West Normal University, Nanchong, Sichuan
International conference
Beijing
English
429-432
2009-10-18 (date first made available online on the Wanfang platform; does not represent the paper's publication date)