This paper proposes a distributed, network-based worm detection method, d-ACTM, to detect a kind of hit-list worm called the Silent worm. Worm propagation behavior in the network is expressed as a tree-like structure composed of the infected hosts and the infection connections. d-ACTM detects the existence of worms by detecting, in a distributed manner, the tree structures composed of anomalous connections. The simulation results show that d-ACTM can detect Silent worms before 7% of all vulnerable hosts are infected under the condition where the infection interval is equal to the normal connection interval.
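The tree-of-anomalous-connections idea can be illustrated with a simplified, centralized sketch; this is an added example, not the paper's d-ACTM algorithm. It assumes connections have already been flagged as anomalous by some upstream check, and the `min_size` and `min_depth` thresholds, function names, and sample records are all constructed for illustration.

```python
from collections import defaultdict

def build_anomaly_trees(conns):
    """conns: iterable of (time, src, dst) anomalous connections.
    Returns child -> parent, keeping only the first inbound anomalous
    connection per host so the result is a forest (no cycles)."""
    parent, seen = {}, set()
    for _, src, dst in sorted(conns):
        if src == dst or dst in seen:
            continue  # dst was already active or already has a parent
        seen.add(src)
        seen.add(dst)
        parent[dst] = src
    return parent

def tree_stats(parent):
    """Returns root -> (node count, maximum depth) for each tree."""
    size = defaultdict(lambda: 1)  # the root itself counts as one node
    depth = defaultdict(int)
    for host in parent:
        node, d = host, 0
        while node in parent:      # walk up to the root
            node, d = parent[node], d + 1
        size[node] += 1
        depth[node] = max(depth[node], d)
    return {r: (size[r], depth[r]) for r in size}

def detect(conns, min_size=4, min_depth=2):
    """Roots of trees large and deep enough to look like propagation
    (thresholds are assumptions, not values from the paper)."""
    stats = tree_stats(build_anomaly_trees(conns))
    return sorted(r for r, (n, d) in stats.items()
                  if n >= min_size and d >= min_depth)

# Constructed sample: one propagation chain plus two isolated anomalies.
SAMPLE = [
    (1, "10.0.0.5", "10.0.0.6"), (2, "10.0.0.5", "10.0.0.7"),
    (3, "10.0.0.6", "10.0.0.8"), (4, "10.0.0.7", "10.0.0.9"),
    (5, "10.0.0.8", "10.0.0.10"),
    (2, "10.0.1.1", "10.0.1.2"), (6, "10.0.1.3", "10.0.1.4"),
]

if __name__ == "__main__":
    print(detect(SAMPLE))
```

Isolated anomalous connections form trees of size 2 and depth 1 and stay below the thresholds, while the chained connections form a single tree that is reported by its root.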