Worm detection by trending fan out
US8095981B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Apr 19, 2007 |
| Grant date | Jan 10, 2012 |
| Priority date | — |
| Expiry date | Jan 4, 2030 |
Classification
- Technology area (CPC F)Mechanical Engineering; Lighting; Heating
- CPC primaryF16B39/12
- WIPO fieldMechanical elements
- WIPO sectorMechanical engineering
Abstract
The invention detects stealth worm propagation by comparing the repeat elements in sets of destinations of a source in multiple time windows to a fitted distribution of same, stored as a benchmark plot. Measurements are performed over N time windows, wherein a representation of the set of destinations to which a respective source has sent packets is determined for each source, in each time window. The counting is performed using a hash table. Once N such sets of destinations have been obtained, the number Xk of destinations that are common to N, N−1, N−2, . . . , 2, 1 windows is determined. Thus Xk is the number of destinations that a particular source sent packets to in k time windows. Xk is then compared to the corresponding value on the plot; anomalies indicate an attack from the respective source.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.