Mining a worm detection system data
Title: Mining a Worm Detection System Data
Authors: Urko Zurutuza, Roberto Uribeetxeberria, James Riordan, and Yan Duponchel
Date: September 2006
Area: Security
Topic: Intrusion Detection Systems (IDS)
Abstract: Billy Goat is a reliable Worm Detection System (WDS). It is focused on detecting machines in the network infected with known worms, and in this respect it is free of false positives by construction. It also provides additional information that can be analyzed to detect new worms or other emerging threats in the network. Billy Goat is designed to take advantage of the propagation strategies of worms. To discover machines to infect, most worms try to connect to IP addresses selected at random or scan entire ranges of addresses. By doing so, they find most of the machines in a network, but they also try to connect to a large number of unused addresses. Billy Goat functions by responding to requests sent to unused addresses, feigning the existence of a large number of machines and services...
Reference:
bibtex:
@MISC{zur06a,
  author = {Urko Zurutuza and Roberto Uribeetxeberria and James Riordan and Yan Duponchel},
  title = {Mining a worm detection system data},
  howpublished = {Poster presented at 9th International Symposium on Recent Advances in Intrusion Detection, (RAID'2006), Hamburg, Germany},
  month = {September},
  year = {2006}
}