Inhalt des Dokuments
Es gibt keine deutsche Übersetzung dieser Webseite.
Zitatschlüssel | CP-FLDMDQSEWD-08 |
---|---|
Autor | Chatzis, Nikolaos and Popescu-Zeletin, Radu |
Buchtitel | Proceedings of the International Workshop on Computational Intelligence in Security for Information Systems (CISIS '08) |
Seiten | 186-194 |
Jahr | 2008 |
DOI | http://dx.doi.org/10.1007/978-3-540-88181-0_24 |
Adresse | Berlin / Heidelberg, Germany |
Verlag | Springer |
Zusammenfassung | Email worms remain a major network security concern, as they increasingly attack systems with intensity using more advanced social engineering tricks. Their extremely high prevalence clearly indicates that current network defence mechanisms are intrinsically incapable of mitigating email worms, and thereby reducing unwanted email traffic traversing the Internet. In this paper we study the effect email worms have on the flow-level characteristics of DNS query streams a user machine generates. We propose a method based on unsupervised learning and time series analysis to early detect email worms on the local name server, which is located topologically near the infected machine. We evaluate our method against an email worm DNS query stream dataset that consists of 68 email worm instances and show that it exhibits remarkable accuracy in detecting various email worm instances. |
Zurück [3]
ikolaos/parameter/de/font2/minhilfe/
ations/by_author/alumni_publ/nikolaos_publ/parameter/de
/font2/minhilfe/?no_cache=1&tx_sibibtex_pi1%5Bdownl
oad_bibtex_uid%5D=225473&tx_sibibtex_pi1%5Bcontente
lement%5D=tt_content%3A372722
ations/by_author/alumni_publ/nikolaos_publ/parameter/de
/font2/minhilfe/
Zusatzinformationen / Extras
Direktzugang:
Schnellnavigation zur Seite über Nummerneingabe
Hilfsfunktionen
Copyright TU Berlin 2008