Title

Inferring Internet Worm Temporal Characteristics

Document Type

Presentation

Presentation Date

12-2008

Conference Name

Proceedings of IEEE Global Communications Conference (GLOBECOM 2008)

Conference Location

New Orleans, LA

Source of Publication

Global Telecommunications Conference, 2008. IEEE GLOBECOM 2008. IEEE

Publisher

IEEE

Inclusive pages

1-6

Peer Review

Yes

Abstract

Internet worm attacks pose a significant threat to network security. In this work, we coin the term Internet worm tomography as inferring the characteristics of Internet worms from the observations of Darknet or network telescopes that are routable but unused IP addresses. Under the framework of Internet worm tomography, we attempt to infer worm temporal behaviors such as the host infection time and the worm infection sequence, and thus pinpoint patient zero. Specifically, we introduce statistical estimation techniques and propose method of moments, maximum likelihood, and linear regression estimators. We show analytically and empirically that our proposed estimators can better infer worm temporal characteristics than a naive estimator that has been used in the previous work.

Keywords

Internet, invasive software, telecommunication security, Chaos Computer networks, Computer worms, Electronic mail, IP networks, Internet, Inverse problems, Telecommunication traffic, Telescopes, Tomography

Disciplines

Engineering