{"id":13107,"date":"2021-12-06T18:33:39","date_gmt":"2021-12-06T23:33:39","guid":{"rendered":"https:\/\/carleton.ca\/scs\/?page_id=13107"},"modified":"2026-06-02T14:59:24","modified_gmt":"2026-06-02T18:59:24","slug":"tr-04-02-a-monitoring-system-for-detecting-repeated-packets-with-applications-to-computer-worms","status":"publish","type":"page","link":"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2004\/tr-04-02-a-monitoring-system-for-detecting-repeated-packets-with-applications-to-computer-worms\/","title":{"rendered":"TR-04-02: A Monitoring System for Detecting Repeated Packets with Applications to Computer Worms"},"content":{"rendered":"\n<section class=\"w-screen px-6 cu-section cu-section--white ml-offset-center md:px-8 lg:px-14\">\n    <div class=\"space-y-6 cu-max-w-child-5xl  md:space-y-10 cu-prose-first-last\">\n\n            <div class=\"cu-textmedia flex flex-col lg:flex-row mx-auto gap-6 md:gap-10 my-6 md:my-12 first:mt-0 max-w-5xl\">\n        <div class=\"justify-start cu-textmedia-content cu-prose-first-last\" style=\"flex: 0 0 100%;\">\n            <header class=\"font-light prose-xl cu-pageheader md:prose-2xl cu-component-updated cu-prose-first-last\">\n                                    <h1 class=\"cu-prose-first-last font-semibold !mt-2 mb-4 md:mb-6 relative after:absolute after:h-px after:bottom-0 after:bg-cu-red after:left-px text-3xl md:text-4xl lg:text-5xl lg:leading-[3.5rem] pb-5 after:w-10 text-cu-black-700 not-prose\">\n                        TR-04-02: A Monitoring System for Detecting Repeated Packets with Applications to Computer Worms\n                    <\/h1>\n                \n                                \n                            <\/header>\n\n                    <\/div>\n\n            <\/div>\n\n    <\/div>\n<\/section>\n\n<p>Carleton University<br>\n<a href=\"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2004\/\">Technical Report<\/a> TR-04-02<br>\nJune 2004<\/p>\n\n\n\n<h2 id=\"a-monitoring-system-for-detecting-repeated-packets-with-applications-to-computer-worms\" class=\"wp-block-heading\">A Monitoring System for Detecting Repeated Packets with Applications to Computer Worms<\/h2>\n\n\n\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">M. Vargas Martin, J.-M. Robert, P.C. Van Oorschot<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div>\n<h3>Abstract<\/h3>\n<p>We present a monitoring system to detect worm propagation using Bloom filters with counters. The system is based on stateful analysis of network traffic in routers of a network. Our preliminary evaluation of the system involved real traffic from our internal lab and a well known DARPA data set. After appropriate configuration, no false alarms are obtained under these data sets. We also conduct simulations using real Internet Service Provider topologies with real link delays and simulated traffic. These simulations confirm that this approach can detect worms at early stages of propagation. We believe our approach, with minor adaptations, is of independent interest for use in a number of network applications which benefit from detecting repeated packets, beyond detecting worm propagation. These include detecting network anomalies such as dangerous traffic fluctuations, abusive use of certain services, and distributed denial-of-service attacks.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n\n\n\n<p><a href=\"https:\/\/carleton.ca\/scs\/wp-content\/uploads\/sites\/260\/TR-04-02.1.pdf\">TR-04-02.pdf<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Carleton University Technical Report TR-04-02 June 2004 A Monitoring System for Detecting Repeated Packets with Applications to Computer Worms M. Vargas Martin, J.-M. Robert, P.C. Van Oorschot Abstract We present a monitoring system to detect worm propagation using Bloom filters with counters. The system is based on stateful analysis of network traffic in routers of [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"parent":12325,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"_cu_dining_location_slug":"","footnotes":"","_links_to":"","_links_to_target":""},"cu_page_type":[],"class_list":["post-13107","page","type-page","status-publish","hentry"],"acf":{"cu_post_thumbnail":false},"_links":{"self":[{"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/pages\/13107","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/comments?post=13107"}],"version-history":[{"count":1,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/pages\/13107\/revisions"}],"predecessor-version":[{"id":13108,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/pages\/13107\/revisions\/13108"}],"up":[{"embeddable":true,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/pages\/12325"}],"wp:attachment":[{"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/media?parent=13107"}],"wp:term":[{"taxonomy":"cu_page_type","embeddable":true,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/cu_page_type?post=13107"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}