Existing worm intrusion detection systems are designed primarily for a single LAN or for hardware router environments. They are either not applicable to large-scale network detection or have a high false alarm rate because they use only worm propagation characteristics for detection. This paper analyzes non-linear worm propagation models and plots the worm transmission curves. A distributed worm detection technology is then designed. The novel distributed worm detection system consists of two parts: client-end and console-end programs. The system uses a rule-based detection method to monitor network worms, and the console side manages and coordinates the detection work of the client sides. Experimental results show that the technology is a good solution for worm detection in multiple network environments, raising an alarm with a high detection rate and a low false alarm rate when a known worm appears.