ISBN-13: 9783639028300 / English / Paperback / 2008 / 108 pp.
Large-scale attacks generated by fast-spreading worms and viruses have emerged as a major threat to the Internet. These worms are capable of infecting and crippling substantial portions of the Internet, as well as the enterprise networks of large public and private agencies, in a very short time. This dissertation studies the behavior of such viruses and examines the problem of their detection and containment. It develops a simulation testbed to study the propagation and threat potential of self-propagating viruses. Using the testbed, a new approach is developed for detecting self-propagating worms/viruses based on statistical anomaly detection. The approach assumes that a key characteristic of a worm/virus attack is an increase in application-based network traffic, which will eventually overwhelm servers and clients. The effectiveness of the detection approach has been tested for email-based viruses in an intranet setting. The report concludes with results of experiments using a novel approach for cleaning up virus infections, based on the model of "predators" in an ecosystem.