Optimally Identifying Worm-Infected Hosts
Summary :
We have proposed a method of identifying superspreaders by flow sampling and a method of filtering legitimate hosts from the identified superspreaders using a white list. However, the problem of how to optimally set parameters of φ, the measurement period length, m*, the identification threshold of the flow count m within φ, and H*, the identification probability for hosts with m=m*, remained unsolved. These three parameters seriously impact the ability to identify the spread of infection. Our contributions in this work are two-fold: (1) we propose a method of optimally designing these three parameters to satisfy the condition that the ratio of the number of active worm-infected hosts divided by the number of all vulnerable hosts is bound by a given upper-limit during the time T required to develop a patch or an anti-worm vaccine, and (2) the proposed method can optimize the identification accuracy of worm-infected hosts by maximally using a limited amount of memory resource of monitors.
- Publication
- IEICE TRANSACTIONS on Communications Vol.E96-B No.8 pp.2084-2094
- Publication Date
- 2013/08/01
- Publicized
- Online ISSN
- 1745-1345
- DOI
- 10.1587/transcom.E96.B.2084
- Type of Manuscript
- PAPER
- Category
- Network Management/Operation
Authors
Noriaki KAMIYAMA
NTT Corporation
Tatsuya MORI
NTT Corporation
Ryoichi KAWAHARA
NTT Corporation
Shigeaki HARADA
NTT Corporation
Keyword
Latest Issue
Copyrights notice of machine-translated contents
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Cite this
Copy
Noriaki KAMIYAMA, Tatsuya MORI, Ryoichi KAWAHARA, Shigeaki HARADA, "Optimally Identifying Worm-Infected Hosts" in IEICE TRANSACTIONS on Communications,
vol. E96-B, no. 8, pp. 2084-2094, August 2013, doi: 10.1587/transcom.E96.B.2084.
Abstract: We have proposed a method of identifying superspreaders by flow sampling and a method of filtering legitimate hosts from the identified superspreaders using a white list. However, the problem of how to optimally set parameters of φ, the measurement period length, m*, the identification threshold of the flow count m within φ, and H*, the identification probability for hosts with m=m*, remained unsolved. These three parameters seriously impact the ability to identify the spread of infection. Our contributions in this work are two-fold: (1) we propose a method of optimally designing these three parameters to satisfy the condition that the ratio of the number of active worm-infected hosts divided by the number of all vulnerable hosts is bound by a given upper-limit during the time T required to develop a patch or an anti-worm vaccine, and (2) the proposed method can optimize the identification accuracy of worm-infected hosts by maximally using a limited amount of memory resource of monitors.
URL: https://globals.ieice.org/en_transactions/communications/10.1587/transcom.E96.B.2084/_p
Copy
@ARTICLE{e96-b_8_2084,
author={Noriaki KAMIYAMA, Tatsuya MORI, Ryoichi KAWAHARA, Shigeaki HARADA, },
journal={IEICE TRANSACTIONS on Communications},
title={Optimally Identifying Worm-Infected Hosts},
year={2013},
volume={E96-B},
number={8},
pages={2084-2094},
abstract={We have proposed a method of identifying superspreaders by flow sampling and a method of filtering legitimate hosts from the identified superspreaders using a white list. However, the problem of how to optimally set parameters of φ, the measurement period length, m*, the identification threshold of the flow count m within φ, and H*, the identification probability for hosts with m=m*, remained unsolved. These three parameters seriously impact the ability to identify the spread of infection. Our contributions in this work are two-fold: (1) we propose a method of optimally designing these three parameters to satisfy the condition that the ratio of the number of active worm-infected hosts divided by the number of all vulnerable hosts is bound by a given upper-limit during the time T required to develop a patch or an anti-worm vaccine, and (2) the proposed method can optimize the identification accuracy of worm-infected hosts by maximally using a limited amount of memory resource of monitors.},
keywords={},
doi={10.1587/transcom.E96.B.2084},
ISSN={1745-1345},
month={August},}
Copy
TY - JOUR
TI - Optimally Identifying Worm-Infected Hosts
T2 - IEICE TRANSACTIONS on Communications
SP - 2084
EP - 2094
AU - Noriaki KAMIYAMA
AU - Tatsuya MORI
AU - Ryoichi KAWAHARA
AU - Shigeaki HARADA
PY - 2013
DO - 10.1587/transcom.E96.B.2084
JO - IEICE TRANSACTIONS on Communications
SN - 1745-1345
VL - E96-B
IS - 8
JA - IEICE TRANSACTIONS on Communications
Y1 - August 2013
AB - We have proposed a method of identifying superspreaders by flow sampling and a method of filtering legitimate hosts from the identified superspreaders using a white list. However, the problem of how to optimally set parameters of φ, the measurement period length, m*, the identification threshold of the flow count m within φ, and H*, the identification probability for hosts with m=m*, remained unsolved. These three parameters seriously impact the ability to identify the spread of infection. Our contributions in this work are two-fold: (1) we propose a method of optimally designing these three parameters to satisfy the condition that the ratio of the number of active worm-infected hosts divided by the number of all vulnerable hosts is bound by a given upper-limit during the time T required to develop a patch or an anti-worm vaccine, and (2) the proposed method can optimize the identification accuracy of worm-infected hosts by maximally using a limited amount of memory resource of monitors.
ER -
FlyerIEICE has prepared a flyer regarding multilingual services. Please use the one in your native language.
English
