Abstract
We have proposed a method of identifying superspreaders by flow sampling and a method of filtering legitimate hosts from the identified superspreaders using a white list. However, the problem of how to optimally set parameters of f, the measurement period length, m*, the identification threshold of the flow count m within f, and H*, the identification probability for hosts with m = m*, remained unsolved. These three parameters seriously impact the ability to identify the spread of infection. Our contributions in this work are two-fold: (1) we propose a method of optimally designing these three parameters to satisfy the condition that the ratio of the number of active worm-infected hosts divided by the number of all vulnerable hosts is bound by a given upper-limit during the time T required to develop a patch or an anti-worm vaccine, and (2) the proposed method can optimize the identification accuracy of worm-infected hosts by maximally using a limited amount of memory resource of monitors.
| Original language | English |
|---|---|
| Pages (from-to) | 2084-2094 |
| Number of pages | 11 |
| Journal | IEICE Transactions on Communications |
| Volume | E96-B |
| Issue number | 8 |
| DOIs | |
| Publication status | Published - 2013 Aug |
| Externally published | Yes |
Keywords
- Detection
- Optimum design
- Sampling
- Worm
ASJC Scopus subject areas
- Software
- Computer Networks and Communications
- Electrical and Electronic Engineering
