Institute for Security Technology Studies (ISTS)
Dartmouth College Institute for Security Technology Studies
Cyber and Homeland Security Research & Development
Early Worm Detection
A Subproject for Process Query Systems (PQS)

Project Summary: An attacker often selects a target machine only after broad scans to identify all vulnerable machines within a certain range of IP addresses. Unfortunately, current network routers often obscure scanning activity, since the routers will drop any scanning traffic directed toward a machine that does not actually exist. With this "loss" of scanning traffic, it is much harder for a security analyst to identify the scan in the first place or understand its scope. At the same time, however, routers do generate error messages (Internet Control Message Protocol (ICMP) Unreachable) when traffic is directed at nonexistent machines. By collecting these error messages, IRIA can provide security analysts with a much better view of scanning activity, allowing them to detect impending attacks that they might otherwise miss.
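
The idea in the summary, as an added example that is not code from the project: each ICMP Destination Unreachable message quotes the IP header of the packet that could not be delivered, so a collector can recover who was probing and count how many distinct unreachable addresses each source tried. The sample messages, the addresses, the helper names and the min_targets threshold are all constructed assumptions, and the collector is assumed to receive the raw ICMP messages.

```python
import ipaddress
import struct
from collections import defaultdict

ICMP_DEST_UNREACHABLE = 3

def parse_unreachable(icmp: bytes):
    """Return (orig_src, orig_dst, dst_port) from an ICMP type 3 message, else None."""
    if len(icmp) < 8 + 20 or icmp[0] != ICMP_DEST_UNREACHABLE:
        return None
    inner = icmp[8:]                     # quoted header of the packet that failed
    ihl = (inner[0] & 0x0F) * 4          # quoted IPv4 header length in bytes
    if inner[0] >> 4 != 4 or ihl < 20 or len(inner) < ihl + 4:
        return None
    src = str(ipaddress.IPv4Address(inner[12:16]))   # the probing host
    dst = str(ipaddress.IPv4Address(inner[16:20]))   # the address that does not exist
    # TCP (6) and UDP (17) both carry the destination port at transport offset 2.
    port = struct.unpack("!H", inner[ihl + 2:ihl + 4])[0] if inner[9] in (6, 17) else None
    return src, dst, port

def find_scanners(messages, min_targets=5):
    """Map each source to its count of distinct unreachable targets, if >= min_targets."""
    targets = defaultdict(set)
    for msg in messages:
        rec = parse_unreachable(msg)
        if rec:
            targets[rec[0]].add(rec[1])
    return {s: len(d) for s, d in targets.items() if len(d) >= min_targets}

def make_sample(src, dst, dport, code=1):
    """Constructed test message: ICMP header + quoted IPv4 header + 8 TCP bytes."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    tcp8 = struct.pack("!HHI", 40000, dport, 0)
    return struct.pack("!BBHI", ICMP_DEST_UNREACHABLE, code, 0, 0) + ip + tcp8

# Constructed input: one source sweeping eight nonexistent hosts, one source with a
# single stray failure, and one ICMP echo request that must be ignored.
SAMPLE = [make_sample("192.0.2.10", f"198.51.100.{i}", 445) for i in range(1, 9)]
SAMPLE.append(make_sample("192.0.2.77", "198.51.100.200", 80))
SAMPLE.append(b"\x08\x00" + bytes(30))

if __name__ == "__main__":
    for source, count in find_scanners(SAMPLE).items():
        print(f"{source} probed {count} unreachable addresses")
```

Counting distinct targets rather than raw message volume keeps a single misconfigured client that retries one dead address from looking like a sweep.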

Simulating Realistic Network Worm Traffic for Worm Warning System Design and Testing [PDF Format]

Designing a Framework for Active Worm Detection on Global Networks [PDF Format]

Using Sensor Networks and Data Fusion for Early Detection of Active Worms [PDF Format]

Early Detection of Internet Worms [HTML]

Early Detection of Internet Worm Activity by Metering ICMP Destination Unreachable Activity [PDF Format]

Principal Investigators: George Bakos / Vincent Berk / Robert Gray

Copyright © 2003-2007 Trustees of Dartmouth College