{"id":13107,"date":"2021-12-06T18:33:39","date_gmt":"2021-12-06T23:33:39","guid":{"rendered":"https:\/\/carleton.ca\/scs\/?page_id=13107"},"modified":"2021-12-06T18:33:39","modified_gmt":"2021-12-06T23:33:39","slug":"tr-04-02-a-monitoring-system-for-detecting-repeated-packets-with-applications-to-computer-worms","status":"publish","type":"page","link":"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2004\/tr-04-02-a-monitoring-system-for-detecting-repeated-packets-with-applications-to-computer-worms\/","title":{"rendered":"TR-04-02: A Monitoring System for Detecting Repeated Packets with Applications to Computer Worms"},"content":{"rendered":"<p>Carleton University<br \/>\n<a href=\"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2004\/\">Technical Report<\/a> TR-04-02<br \/>\nJune 2004<\/p>\n<h2>A Monitoring System for Detecting Repeated Packets with Applications to Computer Worms<\/h2>\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">M. Vargas Martin, J.-M. Robert, P.C. Van Oorschot<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div>\n<h3>Abstract<\/h3>\n<p>We present a monitoring system to detect worm propagation using Bloom filters with counters. The system is based on stateful analysis of network traffic in routers of a network. Our preliminary evaluation of the system involved real traffic from our internal lab and a well known DARPA data set. After appropriate configuration, no false alarms are obtained under these data sets. We also conduct simulations using real Internet Service Provider topologies with real link delays and simulated traffic. These simulations confirm that this approach can detect worms at early stages of propagation. We believe our approach, with minor adaptations, is of independent interest for use in a number of network applications which benefit from detecting repeated packets, beyond detecting worm propagation. These include detecting network anomalies such as dangerous traffic fluctuations, abusive use of certain services, and distributed denial-of-service attacks.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<p><a href=\"https:\/\/carleton.ca\/scs\/wp-content\/uploads\/TR-04-02.1.pdf\">TR-04-02.pdf<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Carleton University Technical Report TR-04-02 June 2004 A Monitoring System for Detecting Repeated Packets with Applications to Computer Worms M. Vargas Martin, J.-M. Robert, P.C. Van Oorschot Abstract We present a monitoring system to detect worm propagation using Bloom filters with counters. The system is based on stateful analysis of network traffic in routers of [&hellip;]<\/p>\n","protected":false},"author":49,"featured_media":0,"parent":12325,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"","_relevanssi_noindex_reason":"","_mi_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"footnotes":"","_links_to":"","_links_to_target":""},"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v21.2 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>TR-04-02: A Monitoring System for Detecting Repeated Packets with Applications to Computer Worms - School of Computer Science<\/title>\n<meta name=\"description\" content=\"Carleton University Technical Report TR-04-02 June 2004 A Monitoring System for Detecting Repeated Packets with Applications to Computer Worms M. Vargas\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2004\/tr-04-02-a-monitoring-system-for-detecting-repeated-packets-with-applications-to-computer-worms\/\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2004\/tr-04-02-a-monitoring-system-for-detecting-repeated-packets-with-applications-to-computer-worms\/\",\"url\":\"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2004\/tr-04-02-a-monitoring-system-for-detecting-repeated-packets-with-applications-to-computer-worms\/\",\"name\":\"TR-04-02: A Monitoring System for Detecting Repeated Packets with Applications to Computer Worms - School of Computer Science\",\"isPartOf\":{\"@id\":\"https:\/\/carleton.ca\/scs\/#website\"},\"datePublished\":\"2021-12-06T23:33:39+00:00\",\"dateModified\":\"2021-12-06T23:33:39+00:00\",\"description\":\"Carleton University Technical Report TR-04-02 June 2004 A Monitoring System for Detecting Repeated Packets with Applications to Computer Worms M. Vargas\",\"breadcrumb\":{\"@id\":\"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2004\/tr-04-02-a-monitoring-system-for-detecting-repeated-packets-with-applications-to-computer-worms\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2004\/tr-04-02-a-monitoring-system-for-detecting-repeated-packets-with-applications-to-computer-worms\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2004\/tr-04-02-a-monitoring-system-for-detecting-repeated-packets-with-applications-to-computer-worms\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/carleton.ca\/scs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Research\",\"item\":\"https:\/\/carleton.ca\/scs\/research\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"SCS Technical Reports\",\"item\":\"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Technical Reports 2004\",\"item\":\"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2004\/\"},{\"@type\":\"ListItem\",\"position\":5,\"name\":\"TR-04-02: A Monitoring System for Detecting Repeated Packets with Applications to Computer Worms\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/carleton.ca\/scs\/#website\",\"url\":\"https:\/\/carleton.ca\/scs\/\",\"name\":\"School of Computer Science\",\"description\":\"Carleton University\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/carleton.ca\/scs\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"TR-04-02: A Monitoring System for Detecting Repeated Packets with Applications to Computer Worms - School of Computer Science","description":"Carleton University Technical Report TR-04-02 June 2004 A Monitoring System for Detecting Repeated Packets with Applications to Computer Worms M. Vargas","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2004\/tr-04-02-a-monitoring-system-for-detecting-repeated-packets-with-applications-to-computer-worms\/","twitter_misc":{"Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2004\/tr-04-02-a-monitoring-system-for-detecting-repeated-packets-with-applications-to-computer-worms\/","url":"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2004\/tr-04-02-a-monitoring-system-for-detecting-repeated-packets-with-applications-to-computer-worms\/","name":"TR-04-02: A Monitoring System for Detecting Repeated Packets with Applications to Computer Worms - School of Computer Science","isPartOf":{"@id":"https:\/\/carleton.ca\/scs\/#website"},"datePublished":"2021-12-06T23:33:39+00:00","dateModified":"2021-12-06T23:33:39+00:00","description":"Carleton University Technical Report TR-04-02 June 2004 A Monitoring System for Detecting Repeated Packets with Applications to Computer Worms M. Vargas","breadcrumb":{"@id":"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2004\/tr-04-02-a-monitoring-system-for-detecting-repeated-packets-with-applications-to-computer-worms\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2004\/tr-04-02-a-monitoring-system-for-detecting-repeated-packets-with-applications-to-computer-worms\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2004\/tr-04-02-a-monitoring-system-for-detecting-repeated-packets-with-applications-to-computer-worms\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/carleton.ca\/scs\/"},{"@type":"ListItem","position":2,"name":"Research","item":"https:\/\/carleton.ca\/scs\/research\/"},{"@type":"ListItem","position":3,"name":"SCS Technical Reports","item":"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/"},{"@type":"ListItem","position":4,"name":"Technical Reports 2004","item":"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2004\/"},{"@type":"ListItem","position":5,"name":"TR-04-02: A Monitoring System for Detecting Repeated Packets with Applications to Computer Worms"}]},{"@type":"WebSite","@id":"https:\/\/carleton.ca\/scs\/#website","url":"https:\/\/carleton.ca\/scs\/","name":"School of Computer Science","description":"Carleton University","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/carleton.ca\/scs\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"}]}},"acf":{"banner_image_type":"none","banner_button":"no"},"_links":{"self":[{"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/pages\/13107"}],"collection":[{"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/users\/49"}],"replies":[{"embeddable":true,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/comments?post=13107"}],"version-history":[{"count":1,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/pages\/13107\/revisions"}],"predecessor-version":[{"id":13108,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/pages\/13107\/revisions\/13108"}],"up":[{"embeddable":true,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/pages\/12325"}],"wp:attachment":[{"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/media?parent=13107"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}