Worm origin identification using random moonwalks

Proceedings - IEEE Symposium on Security and Privacy

Volumn , Issue , 2005, Pages 242-256

  Xie, Yinglian ^a   Sekar, Vyas ^a   Maltz, David A ^a   Reiter, Michael K ^a   Zhang, Hui ^a  

^a CARNEGIE MELLON UNIVERSITY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

NETWORK DEFENCES; RANDOM MOONWALKS; WORM ATTACK; WORM ORIGIN IDENTIFICATION;

COMPUTER SIMULATION; LAW ENFORCEMENT; RANDOM PROCESSES; TRAFFIC CONTROL;

COMPUTER WORMS;

EID: 27544495684     PISSN: 10816011     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/SP.2005.23     Document Type: Conference Paper

References (29)

1. P. Barford, J. Kline, D. Plonka, and A. Ron. A Signal Analysis of Network Traffic Anomalies. In Proc. of ACM SIGCOMM Internet Measurement Workshop, 2002.
2. S. Bellovin, M. Leech, and T. Taylor. ICMP Traceback Messages. Internet draft, work in progress, 2001.
3. CERT Advisory CA-2003-20: W32/Blaster worm. http://www.cert.org/ advisories/CA-2003-20.html, 2003.
4. A. Blum, D. Song, and S. Venkataraman. Detection of Interactive Stepping Stones: Algorithms and Confidence Bounds. In Proc. of The Seventh International Symposium on Recent Advances in Intrusion Detection (RAID), 2004.
5. J. Browne. Probabilistic Design. http: //www.ses.swin.edu.au/homes/ browne/probabilisticdesign.
6. H. Burch and B. Cheswick. Tracing Anonymous Packets to Their Approximate Source. In Proc. of USENIX USA Systems Administration Conference, 2000.
7. D. L. Donoho, A. G. Flesia, U. Shankar, V. Paxson, J. Coit, and S. Staniford-Chen. Multiscale Stepping-Stone Detection: Detecting Pairs of Jittered Interactive Streams by Exploiting Maximum Tolerable Delay. In Proc. of The 5th International Symposium on Recent Advances in Intrusion Detection (RAID), 2002.
8. The Dragnet Project. http://www.cs.cmu.edu/~dragnet.
9. P. Ferguson and D. Senie. RFC 2267 - Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing, 1998.
10. A. Hussain, J. Heidemann, and C. Papadopoulos. A Framework for Classifying Denial of Service Attacks. In Proc. of ACM SIGCOMM, 2003.
11. J. Jung, V. Paxson, A. W. Berger, and H. Balakrishnan. Fast Portscan Detection Using Sequential Hypothesis Testing. In Proc. of IEEE Symposium on Security and Privacy, 2004.
12. H. A. Kim and B. Karp. Autograph: Toward Automated, Distributed Worm Signature Detection. In Proc. of 12th USENIX Security Symposium, 2004.
13. C. Kreibich and J. Crowcroft. Honeycomb - Creating Intrusion Detection Signatures Using Honeypots. In Proc. of ACM HotNets-II, 2003.
14. J. Kubica, A. Moore, D. Cohn, and J. Schneider. Finding Underlying Connections: A Fast Graph-Based Method for Link Analysis and Collaboration Queries. In Proc. of Twentieth International Conference on Machine Learning, 2003.
15. J. Li, M. Sung, J. Xu, L. Li, and Q. Zhao. Large-scale IP Traceback in High-speed Internet: Practical Techniques and Theoretical Foundation. In Proc. of IEEE Symposium of Security and Privacy, 2004.
16. D. Moore, G. M. Voelker, and S. Savage. Inferring Internet Denial-of-Service activity. In Proc. of 10th USENIX Security Symposium, 2001.
17. V. Paxson. Bro: A System for Detecting Network Intruders in Real-Time. In Proc. of 7th USENIX Security Symposium, 1998.
18. M. Roesch. Snort - Lightweight Intrusion Detection for Networks. In Proc. of USENIX USA Systems Administration Conference, 1999.
19. S. Savage, D. Wetherall, A. Karlin, and T. Anderson. Practical Network Support for IP Traceback. In Proc. of ACM SIGCOMM, 2000.
20. S. E. Schechter, J. Jung, and A. W. Berger. Fast Detection of Scanning Worm Infections. In Proc. of 7th International Symposium on Recent Advances in Intrusion Detection (RAID), 2004.
21. V. Sekar, Y. Xie, D. Maltz, M. K. Reiter, and H. Zhang. Toward a Framework For Internet Forensic Analysis. In Proc. of ACM HotNets-III, 2004.
22. A. Snoeren. Public review of 'Toward a Framework for internet Forensic Analysis'. In Proc. ACM HotNets-III, 2004.
23. A. C. Snoeren, C. Partridge, L. A. Sanchez, C. E. Jones, F. Tchakountio, S. T. Kent, and W. T. Strayer. Hash-Based IP Traceback. In Proc. of ACM SIGCOMM, 2001.
24. S. Staniford-Chen and L. T. Heberlein. Holding Intruders Accountable on the Internet. In Proc. of the IEEE Symposium on Security and Privacy, 1995.
25. S. Staniford-Chen, V. Paxson, and N. Weaver. How to Own the Internet in Your Spare Time. In Proc. of 11th USENIX Security Symposium, 2002.
26. X. Wang and D. Reeves. Robust Correlation of Encrypted Attack Traffic Through Stepping Stones by Manipulation of Inter-packet Delays. In Proc. of ACM Conference on Computer and Communications Security (CCS), 2003.
27. R. J. Wonnacott and T. H. Wonnacott. Introductory Statistics. Fourth Edition.
28. J. Wu, S. Vangala, L. Gao, and K. Kwiat. An Effective Architecture and Algorithm for Detecting Worms with Various Scan Techniques. In Proc. of Network and Distributed System Security Symposium (NDSS), 2004.
29. Y. Zhang and V. Paxson. Detecting Stepping Stones. In Proc. of 9th USENIX Security Symposium, 2001.