Hit-list worm detection using distributed sliding window

Nobutaka Kawaguchi, Hiroshi Shigeno, Ken’ichi Okada

Research output: Contribution to journalArticlepeer-review


In this paper, we propose a new distributed hit-list worm detection method: the Anomaly Connection Tree Method with Distributed Sliding Window (ACTM-DSW). ACTM-DSW employs multiple distributed network Intrusion Detection Systems (IDSs), each of which monitors a small portion of an enterprise network. In ACTM-DSW, worm propagation trees are detected by using a sliding time window. More precisely, the distributed IDSs in ACTM-DSW cooperatively detect tree structures composed of the worm’s infection connections that have been made within a time window. Through computer-based simulations, we demonstrate that ACTM-DSW outperforms an existing distributed worm detection method, called d-ACTM/VT, for detecting worms whose infection intervals are not constant, but rather have an exponential or uniform distribution. In addition, we implement the distributed IDSs on Xen, a virtual machine environment, and demonstrate the feasibility of the proposed method experimentally.

Original languageEnglish
Pages (from-to)180-189
Number of pages10
JournalJournal of information processing
Publication statusPublished - 2011

ASJC Scopus subject areas

  • Computer Science(all)


Dive into the research topics of 'Hit-list worm detection using distributed sliding window'. Together they form a unique fingerprint.

Cite this