CONFERENCE PROCEEDINGS
Advanced Search
Home > Proceedings > Volume 4708 > Article
Paper
14 August 2002 Early detection of Internet worm activity by metering ICMP destination unreachable messages
George Bakos, Vincent H. Berk
Author Affiliations +
Proceedings Volume 4708, Sensors, and Command, Control, Communications, and Intelligence (C3I) Technologies for Homeland Defense and Law Enforcement; (2002) https://doi.org/10.1117/12.479290
Event: AeroSense 2002, 2002, Orlando, FL, United States
Abstract
Early warning of active worm propagation over the Internet is of vital importance to first responders. Knowing an active worms characteristics very early in its propagation can significantly reduce the damage it may cause. In this paper we propose an early warning system that uses ICMP Destination Unreachable (ICMP-T3) messages to identify the random scanning behavior of worms. Participating routers across the Internet send Blind Carbon Copies of all their locally generated ICMP-T3 messages to a central collection point. There all the incoming messages are compared for similarities. Incoming messages are abstracted and patterns identified. Using the methods discussed in this paper we identify 'blooms' of activity that are a clear signature of worm propagation. Preliminary test results have shown that actively spreading worms can be identified in the first few minutes after they are launched. By using the characteristics gathered in those early stages, action can be taken and widespread damage might be avoided.
© (2002) COPYRIGHT Society of Photo-Optical Instrumentation Engineers (SPIE). Downloading of the abstract is permitted for personal use only.
Citation Download Citation
George Bakos and Vincent H. Berk "Early detection of Internet worm activity by metering ICMP destination unreachable messages", Proc. SPIE 4708, Sensors, and Command, Control, Communications, and Intelligence (C3I) Technologies for Homeland Defense and Law Enforcement, (14 August 2002); https://doi.org/10.1117/12.479290
ACCESS THE FULL ARTICLE
ORGANIZATIONAL
Sign in with credentials provided by your organization.
INSTITUTIONAL
Select your institution to access the SPIE Digital Library.
SELECT YOUR INSTITUTION
PERSONAL
Sign in with your SPIE account to access your personal subscriptions or to use specific features such as save to my library, sign up for alerts, save searches, etc.
PERSONAL SIGN IN
No SPIE Account? Create one
PURCHASE THIS CONTENT
SUBSCRIBE TO DIGITAL LIBRARY
50 downloads per 1-year subscription
Members: $195
Non-members: $335 ADD TO CART
25 downloads per 1 - year subscription
Members: $145
Non-members: $250 ADD TO CART
PURCHASE SINGLE ARTICLE
Includes PDF, HTML & Video, when available
Members: $17.00
Non-members: $21.00 ADD TO CART
PROCEEDINGS
 10 PAGES
DOWNLOAD PAPER SAVE TO MY LIBRARY
GET CITATION
Lens.org Logo
CITATIONS
Cited by 32 scholarly publications and 24 patents.
Advertisement
Advertisement
RIGHTS & PERMISSIONS
Get copyright permission  Get copyright permission on Copyright Marketplace
KEYWORDS
Internet
Data transmission
Carbon
Chromium
Computer programming
Computing systems
Optical correlators
RELATED CONTENT
Subscribe to Digital Library
Receive Erratum Email Alert
Back to Top