TY - JOUR
T1 - Optimally identifyingworm-infected hosts
AU - Kamiyama, Noriaki
AU - Mori, Tatsuya
AU - Kawahara, Ryoichi
AU - Harada, Shigeaki
PY - 2013/8
Y1 - 2013/8
N2 - We have proposed a method of identifying superspreaders by flow sampling and a method of filtering legitimate hosts from the identified superspreaders using a white list. However, the problem of how to optimally set parameters of f, the measurement period length, m*, the identification threshold of the flow count m within f, and H*, the identification probability for hosts with m = m*, remained unsolved. These three parameters seriously impact the ability to identify the spread of infection. Our contributions in this work are two-fold: (1) we propose a method of optimally designing these three parameters to satisfy the condition that the ratio of the number of active worm-infected hosts divided by the number of all vulnerable hosts is bound by a given upper-limit during the time T required to develop a patch or an anti-worm vaccine, and (2) the proposed method can optimize the identification accuracy of worm-infected hosts by maximally using a limited amount of memory resource of monitors.
AB - We have proposed a method of identifying superspreaders by flow sampling and a method of filtering legitimate hosts from the identified superspreaders using a white list. However, the problem of how to optimally set parameters of f, the measurement period length, m*, the identification threshold of the flow count m within f, and H*, the identification probability for hosts with m = m*, remained unsolved. These three parameters seriously impact the ability to identify the spread of infection. Our contributions in this work are two-fold: (1) we propose a method of optimally designing these three parameters to satisfy the condition that the ratio of the number of active worm-infected hosts divided by the number of all vulnerable hosts is bound by a given upper-limit during the time T required to develop a patch or an anti-worm vaccine, and (2) the proposed method can optimize the identification accuracy of worm-infected hosts by maximally using a limited amount of memory resource of monitors.
KW - Detection
KW - Optimum design
KW - Sampling
KW - Worm
UR - http://www.scopus.com/inward/record.url?scp=84882767363&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84882767363&partnerID=8YFLogxK
U2 - 10.1587/transcom.E96.B.2084
DO - 10.1587/transcom.E96.B.2084
M3 - Article
AN - SCOPUS:84882767363
SN - 0916-8516
VL - E96-B
SP - 2084
EP - 2094
JO - IEICE Transactions on Communications
JF - IEICE Transactions on Communications
IS - 8
ER -
