FDF: Frequency detection-based filtering of scanning worms

Byungseung Kim; Saewoong Bahk; Hyogon Kim

doi:10.1109/ICC.2006.255084

FDF: Frequency detection-based filtering of scanning worms

Byungseung Kim, Saewoong Bahk, Hyogon Kim

Department of Computer Science and Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Citation (Scopus)

Abstract

In this paper, we propose a simple algorithm for detecting scanning worms with high detection rate and low false positive rate. The novelty of our algorithm is inspecting the frequency characteristic of scanning worms from a monitored network. Its low complexity allows it to be used on any networkbased intrusion detection system as a real time detection module for high-speed networks. Our algorithm need not be adjusted to network status because its parameters depend on application types, which are generally and widely used in any networks such as web and P2P services. By using real traces, we evaluate the performance of our algorithm and compare it with that of SNORT. The results confirm that our algorithm outperforms SNORT with respect to detection rate and false positive rate.

Original language	English
Title of host publication	2006 IEEE International Conference on Communications, ICC 2006
Pages	2124-2129
Number of pages	6
DOIs	https://doi.org/10.1109/ICC.2006.255084
Publication status	Published - 2006
Event	2006 IEEE International Conference on Communications, ICC 2006 - Istanbul, Turkey Duration: 2006 Jul 11 → 2006 Jul 15

Publication series

Name	IEEE International Conference on Communications
Volume	5
ISSN (Print)	0536-1486

Other

Other	2006 IEEE International Conference on Communications, ICC 2006
Country/Territory	Turkey
City	Istanbul
Period	06/7/11 → 06/7/15

ASJC Scopus subject areas

Computer Networks and Communications
Electrical and Electronic Engineering

Access to Document

10.1109/ICC.2006.255084

Cite this

Kim, B, Bahk, S & Kim, H 2006, FDF: Frequency detection-based filtering of scanning worms. in 2006 IEEE International Conference on Communications, ICC 2006., 4024479, IEEE International Conference on Communications, vol. 5, pp. 2124-2129, 2006 IEEE International Conference on Communications, ICC 2006, Istanbul, Turkey, 06/7/11. https://doi.org/10.1109/ICC.2006.255084

@inproceedings{7823cb36f6db4b53bcde414b6512dfc5,

title = "FDF: Frequency detection-based filtering of scanning worms",

abstract = "In this paper, we propose a simple algorithm for detecting scanning worms with high detection rate and low false positive rate. The novelty of our algorithm is inspecting the frequency characteristic of scanning worms from a monitored network. Its low complexity allows it to be used on any networkbased intrusion detection system as a real time detection module for high-speed networks. Our algorithm need not be adjusted to network status because its parameters depend on application types, which are generally and widely used in any networks such as web and P2P services. By using real traces, we evaluate the performance of our algorithm and compare it with that of SNORT. The results confirm that our algorithm outperforms SNORT with respect to detection rate and false positive rate.",

author = "Byungseung Kim and Saewoong Bahk and Hyogon Kim",

year = "2006",

doi = "10.1109/ICC.2006.255084",

language = "English",

isbn = "1424403553",

series = "IEEE International Conference on Communications",

pages = "2124--2129",

booktitle = "2006 IEEE International Conference on Communications, ICC 2006",

note = "2006 IEEE International Conference on Communications, ICC 2006 ; Conference date: 11-07-2006 Through 15-07-2006",

}

TY - GEN

T1 - FDF

T2 - 2006 IEEE International Conference on Communications, ICC 2006

AU - Kim, Byungseung

AU - Bahk, Saewoong

AU - Kim, Hyogon

PY - 2006

Y1 - 2006

N2 - In this paper, we propose a simple algorithm for detecting scanning worms with high detection rate and low false positive rate. The novelty of our algorithm is inspecting the frequency characteristic of scanning worms from a monitored network. Its low complexity allows it to be used on any networkbased intrusion detection system as a real time detection module for high-speed networks. Our algorithm need not be adjusted to network status because its parameters depend on application types, which are generally and widely used in any networks such as web and P2P services. By using real traces, we evaluate the performance of our algorithm and compare it with that of SNORT. The results confirm that our algorithm outperforms SNORT with respect to detection rate and false positive rate.

AB - In this paper, we propose a simple algorithm for detecting scanning worms with high detection rate and low false positive rate. The novelty of our algorithm is inspecting the frequency characteristic of scanning worms from a monitored network. Its low complexity allows it to be used on any networkbased intrusion detection system as a real time detection module for high-speed networks. Our algorithm need not be adjusted to network status because its parameters depend on application types, which are generally and widely used in any networks such as web and P2P services. By using real traces, we evaluate the performance of our algorithm and compare it with that of SNORT. The results confirm that our algorithm outperforms SNORT with respect to detection rate and false positive rate.

UR - http://www.scopus.com/inward/record.url?scp=42549117686&partnerID=8YFLogxK

U2 - 10.1109/ICC.2006.255084

DO - 10.1109/ICC.2006.255084

M3 - Conference contribution

AN - SCOPUS:42549117686

SN - 1424403553

SN - 9781424403554

T3 - IEEE International Conference on Communications

SP - 2124

EP - 2129

BT - 2006 IEEE International Conference on Communications, ICC 2006

Y2 - 11 July 2006 through 15 July 2006

ER -

FDF: Frequency detection-based filtering of scanning worms

Abstract

Publication series

Other

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this