Anomaly detection for Internet worms

Abstract

Internet worms have become a major threat to the Internet due to their ability to rapidly compromise large numbers of computers. In response to this threat, there is a growing demand for effective techniques to detect the presence of worms and to reduce the worms' spread. Furthermore, existing approaches for anomaly detection of new worms suffer from scalability problems. In this paper, we present an approach for detecting worms based on similar patterns of connection activity. We then investigate how to improve the computational efficiency of worm detection by presenting a Greedy algorithm, which minimizes the amount of traffic processing needed to detect worms, thus increasing the scalabil..