Worm Poacher
M. Aiello; D. Chiarella
2007
Abstract
We propose a new technique to detect Internet worms. We base our research on the fact that an indirect worm (a worm spreading by e-mail) needs to spread quickly and so it sends a lot of e-mail in a short while, producing anomalous behaviour. Moreover, we found stealthy worms by detecting traffic anomalies. We worked on a mail-server log of a real network, and the results obtained drove us to detect indirect worms with different approaches based on various parameters (global e-mail flow, single host e-mail flow, reject, sender field analysis).

| DC Field | Value | Language |
|---|---|---|
| dc.authority.people | MAiello | it |
| dc.authority.people | GPapaleo | it |
| dc.authority.people | D Chiarella | it |
| dc.collection.id.s | 0eb59f44-272f-44ea-92c6-fc0b22b80076 | * |
| dc.collection.name | 05.11 Software | * |
| dc.contributor.appartenenza | Istituto di linguistica computazionale "Antonio Zampolli" - ILC | * |
| dc.contributor.appartenenza.mi | 918 | * |
| dc.date.accessioned | 2024/02/15 17:08:58 | - |
| dc.date.available | 2024/02/15 17:08:58 | - |
| dc.date.issued | 2007 | - |
| dc.description.abstracteng | We propose a new technique to detect Internet worms. We base our research on the fact that an indirect worm (a worm spreading by e-mail) needs to spread quickly and so it sends a lot of e-mail in a short while, producing anomalous behaviour. Moreover, we found stealthy worms by detecting traffic anomalies. We worked on a mail-server log of a real network, and the results obtained drove us to detect indirect worms with different approaches based on various parameters (global e-mail flow, single host e-mail flow, reject, sender field analysis). | - |
| dc.description.affiliations | M. Aiello - CNR - IEIIT G. Papaleo - CNR - IEIIT D. Chiarella - CNR - IEIIT | - |
| dc.description.allpeople | Maiello, ; Gpapaleo, ; Chiarella, D | - |
| dc.description.allpeopleoriginal | M.Aiello ; G.Papaleo ; D. Chiarella | - |
| dc.description.fulltext | none | en |
| dc.description.note | Our approach is highly experimental. In fact, we work on ten local area networks interconnected by a layer three switch and directly connected to the Internet (no NAT policies, all public IP). In this network we have five mail-servers and one antivirus server. Since it is a research institution, almost all the hosts are used by a single person and only a few of them are shared among different people (students, fellow researchers etc.). We focus our attention on one mail server | - |
| dc.description.numberofauthors | 3 | - |
| dc.identifier.uri | https://hdl.handle.net/20.500.14243/446 | - |
| dc.language.iso | ita | - |
| dc.language.iso | eng | - |
| dc.title | Worm Poacher | en |
| dc.type.driver | info:eu-repo/semantics/other | - |
| dc.type.full | 05 Altro::05.11 Software | it |
| dc.type.miur | 296 | - |
| dc.ugov.descaux1 | 184208 | - |
| iris.orcid.lastModifiedDate | 2024/04/04 11:07:23 | * |
| iris.orcid.lastModifiedMillisecond | 1712221643264 | * |
| iris.sitodocente.maxattempts | 2 | - |
| Appears in types: | 05.11 Software | |

Files in this item:
There are no files associated with this item.


