Replay-based worm detection system

Date

2005-12-24

Authors

Cho, Tae Won

Abstract

This thesis presents the Replay-based worm detection system for extracting signatures of unknown worms from network traffic. By introducing a virtual machine into the replay system, our technique exhibits an extremely low false-positive rate with little latency overhead in detection time. Our system does not require source code or modifications to guest operating systems and applications, which enables us to apply the Replay-based approach to any type of worm. By monitoring traffic at the router level, we are able to maintain a global view of the network.
