Optimum identification of worm-infected hosts

Noriaki Kamiyama; Tatsuya Mori; Ryoichi Kawahara; Shigeaki Harada

doi:10.1007/978-3-540-87357-0_9

Optimum identification of worm-infected hosts

Noriaki Kamiyama, Tatsuya Mori, Ryoichi Kawahara, Shigeaki Harada

School of Fundamental Science and Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

The authors have proposed a method of identifying superspreaders by flow sampling and a method of extracting worm-infected hosts from the identified superspreaders using a white list. However, the problem of how to optimally set parameters, φ, the measurement period length, m ^*, the identification threshold of the flow count m within φ, and H ^*, the identification probability for hosts with m∈=∈m ^*, remains unsolved. These three parameters seriously affect the worm-spreading property. In this paper, we propose a method of optimally designing these three parameters to satisfy the condition that the ratio of the number of active worm-infected hosts divided by the number of all the vulnerable hosts is bound by a given upper-limit during the time T required to develop a patch or an anti-worm vaccine.

Original language	English
Title of host publication	IP Operations and Management - 8th IEEE International Workshop, IPOM 2008, Proceedings
Pages	103-116
Number of pages	14
DOIs	https://doi.org/10.1007/978-3-540-87357-0_9
Publication status	Published - 2008 Nov 28
Event	8th IEEE International Workshop on IP Operations and Management, IPOM 2008 - Samos Island, Greece Duration: 2008 Sep 22 → 2008 Sep 26

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	5275 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	8th IEEE International Workshop on IP Operations and Management, IPOM 2008
Country	Greece
City	Samos Island
Period	08/9/22 → 08/9/26

Keywords

Detection
Optimum design
Sampling
Worm

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1007/978-3-540-87357-0_9

Fingerprint Dive into the research topics of 'Optimum identification of worm-infected hosts'. Together they form a unique fingerprint.

Cite this

Kamiyama, N., Mori, T., Kawahara, R., & Harada, S. (2008). Optimum identification of worm-infected hosts. In IP Operations and Management - 8th IEEE International Workshop, IPOM 2008, Proceedings (pp. 103-116). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 5275 LNCS). https://doi.org/10.1007/978-3-540-87357-0_9

Optimum identification of worm-infected hosts. / Kamiyama, Noriaki; Mori, Tatsuya; Kawahara, Ryoichi; Harada, Shigeaki.

IP Operations and Management - 8th IEEE International Workshop, IPOM 2008, Proceedings. 2008. p. 103-116 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 5275 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Kamiyama, N, Mori, T, Kawahara, R & Harada, S 2008, Optimum identification of worm-infected hosts. in IP Operations and Management - 8th IEEE International Workshop, IPOM 2008, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 5275 LNCS, pp. 103-116, 8th IEEE International Workshop on IP Operations and Management, IPOM 2008, Samos Island, Greece, 08/9/22. https://doi.org/10.1007/978-3-540-87357-0_9

Kamiyama N, Mori T, Kawahara R, Harada S. Optimum identification of worm-infected hosts. In IP Operations and Management - 8th IEEE International Workshop, IPOM 2008, Proceedings. 2008. p. 103-116. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). https://doi.org/10.1007/978-3-540-87357-0_9

@inproceedings{e39ae1c8c5ec44378dafcffb99e5e4c3,

title = "Optimum identification of worm-infected hosts",

abstract = "The authors have proposed a method of identifying superspreaders by flow sampling and a method of extracting worm-infected hosts from the identified superspreaders using a white list. However, the problem of how to optimally set parameters, φ, the measurement period length, m *, the identification threshold of the flow count m within φ, and H *, the identification probability for hosts with m∈=∈m *, remains unsolved. These three parameters seriously affect the worm-spreading property. In this paper, we propose a method of optimally designing these three parameters to satisfy the condition that the ratio of the number of active worm-infected hosts divided by the number of all the vulnerable hosts is bound by a given upper-limit during the time T required to develop a patch or an anti-worm vaccine.",

keywords = "Detection, Optimum design, Sampling, Worm",

author = "Noriaki Kamiyama and Tatsuya Mori and Ryoichi Kawahara and Shigeaki Harada",

year = "2008",

month = nov,

day = "28",

doi = "10.1007/978-3-540-87357-0_9",

language = "English",

isbn = "3540873562",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

pages = "103--116",

booktitle = "IP Operations and Management - 8th IEEE International Workshop, IPOM 2008, Proceedings",

note = "8th IEEE International Workshop on IP Operations and Management, IPOM 2008 ; Conference date: 22-09-2008 Through 26-09-2008",

}

TY - GEN

T1 - Optimum identification of worm-infected hosts

AU - Kamiyama, Noriaki

AU - Mori, Tatsuya

AU - Kawahara, Ryoichi

AU - Harada, Shigeaki

PY - 2008/11/28

Y1 - 2008/11/28

N2 - The authors have proposed a method of identifying superspreaders by flow sampling and a method of extracting worm-infected hosts from the identified superspreaders using a white list. However, the problem of how to optimally set parameters, φ, the measurement period length, m *, the identification threshold of the flow count m within φ, and H *, the identification probability for hosts with m∈=∈m *, remains unsolved. These three parameters seriously affect the worm-spreading property. In this paper, we propose a method of optimally designing these three parameters to satisfy the condition that the ratio of the number of active worm-infected hosts divided by the number of all the vulnerable hosts is bound by a given upper-limit during the time T required to develop a patch or an anti-worm vaccine.

AB - The authors have proposed a method of identifying superspreaders by flow sampling and a method of extracting worm-infected hosts from the identified superspreaders using a white list. However, the problem of how to optimally set parameters, φ, the measurement period length, m *, the identification threshold of the flow count m within φ, and H *, the identification probability for hosts with m∈=∈m *, remains unsolved. These three parameters seriously affect the worm-spreading property. In this paper, we propose a method of optimally designing these three parameters to satisfy the condition that the ratio of the number of active worm-infected hosts divided by the number of all the vulnerable hosts is bound by a given upper-limit during the time T required to develop a patch or an anti-worm vaccine.

KW - Detection

KW - Optimum design

KW - Sampling

KW - Worm

UR - http://www.scopus.com/inward/record.url?scp=56649111112&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=56649111112&partnerID=8YFLogxK

U2 - 10.1007/978-3-540-87357-0_9

DO - 10.1007/978-3-540-87357-0_9

M3 - Conference contribution

AN - SCOPUS:56649111112

SN - 3540873562

SN - 9783540873563

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 103

EP - 116

BT - IP Operations and Management - 8th IEEE International Workshop, IPOM 2008, Proceedings

T2 - 8th IEEE International Workshop on IP Operations and Management, IPOM 2008

Y2 - 22 September 2008 through 26 September 2008

ER -