Document Type
Article
Publication Date
January 2008
Publication Title
IEEE Communications Surveys and Tutorials
Volume
10
Issue Number
1
DOI
10.1109/COMST.2008.4483668
Abstract
Self-duplicating, self-propagating malicious codes known as computer worms spread themselves without any human interaction and launch the most destructive attacks against computer networks. At the same time, being fully automated makes their behavior repetitious and predictable. This article presents a survey and comparison of Internet worm detection and containment schemes. We first identify worm characteristics through their behavior, and then classify worm detection algorithms based on the parameters used in the algorithms. Furthermore, we analyze and compare different detection algorithms with reference to the worm characteristics by identifying the type of worms that can and cannot be detected by these schemes. After detecting the existence of worms, the next step is to contain them. This article explores the current methods used to slow down or stop the spread of worms. The locations to implement detection and containment, as well as the scope of each of these systems/methods, are also explored in depth. Finally, this article points out the remaining challenges of worm detection and future research directions.
Recommended Citation
Pele Li, M. Salour, and Xiao Su. "A Survey of Worm Detection and Containment" IEEE Communications Surveys and Tutorials (2008). https://doi.org/10.1109/COMST.2008.4483668
Comments
This is the Author's Accepted Manuscript of an article originally published in IEEE Communications Surveys & Tutorials Vol. 10, Iss. 1 by IEEE, 2008, DOI: 10.1109/COMST.2008.4483668. The Version of Record can be found online at this link.