Home

Research

People

News

Join Us

Visit Us

Contact Us

Internet Worm Detection Research, funded by an NSF CAREER grant and a grant from Intel

Internet worms have resulted in considerable disruption of our communications infrastructure, and their estimated cost sometimes are several billions dollars. Recent worms such as IKEE.B (also known as the iPhone worm), StuxNet, Conficker, further present new challenges to worm detection, raising the question of how effective our worm defenses are.

Our primary focus is on limiting the possible damage from as-yet-unknown "0-day" worms. We have designed a behavior-based worm detection system, SWORD (Self-propagating Worm Observation and Rapid Detection). It focuses on major and essential aspects of worm connections that cross the gateway of an administrative domain.

We have implemented a worm detector evaluation framework that can plug in any behavior-based worm detector and test its performance. This framework includes a worm simulator, GLOWS (Gateway-Level Oregon Worm Simulator), that is capable of simulating a broad range of worm types and parameters.

Our publications and relevant documents include the following. We acknowledge for publications since 2007, they are based upon work partially supported by the National Science Foundation under Grant No. CNS-0644434. Any opinions, findings, and conclusions or recommendations expressed in them are those of the authors and do not necessarily reflect the views of the National Science Foundation.

This research is supported by the National Science Foundation under Award No. CNS-0644434. Any opinions, findings, and conclusions or recommendations expressed in this research are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.