Inferring Internet Worm Temporal Characteristics
Proceedings of IEEE Global Communications Conference (GLOBECOM 2008)
New Orleans, LA
Source of Publication
Global Telecommunications Conference, 2008. IEEE GLOBECOM 2008. IEEE
Internet worm attacks pose a significant threat to network security. In this work, we coin the term Internet worm tomography as inferring the characteristics of Internet worms from the observations of Darknet or network telescopes that are routable but unused IP addresses. Under the framework of Internet worm tomography, we attempt to infer worm temporal behaviors such as the host infection time and the worm infection sequence, and thus pinpoint patient zero. Specifically, we introduce statistical estimation techniques and propose method of moments, maximum likelihood, and linear regression estimators. We show analytically and empirically that our proposed estimators can better infer worm temporal characteristics than a naive estimator that has been used in the previous work.
Internet, invasive software, telecommunication security, Chaos Computer networks, Computer worms, Electronic mail, IP networks, Internet, Inverse problems, Telecommunication traffic, Telescopes, Tomography
Q Wang, Z. Chen, K Makki, N Pissinou, and Chao Chen (2008).
Inferring Internet Worm Temporal Characteristics. Global Telecommunications Conference, 2008. IEEE GLOBECOM 2008. IEEE. 1-6. IEEE.Presented at Proceedings of IEEE Global Communications Conference (GLOBECOM 2008), New Orleans, LA.