Register now to access 7 million high quality study materials (What's Course Hero?) Course Hero is the premier provider of high quality online educational resources. With millions of study documents, online tutors, digital flashcards and free courseware, Course Hero is helping students learn more efficiently and effectively. Whether you're interested in exploring new subjects or mastering key topics for your next exam, Course Hero has the tools you need to achieve your goals.
82 Pages
Document Preview
Internet Inferring Worm Temporal Characteristics Qian Wang1 , Zesheng Chen1 , Kia Makki1 , Niki Pissinou1 , and Chao Chen2 2 Department of Engineering of Electrical & Computer Engineering Florida International University Indiana University - Purdue University Fort Wayne Miami, FL 33174 Fort Wayne, IN 46805 E-mails: {qian.wang, zchen, makkik, pissinou}@fiu.edu E-mail: chen@engr.ipfw.edu 1 Department...
Unformatted Document Excerpt
Coursehero >> Florida >> FIU >> QWANG 003Course Hero has millions of student submitted documents similar to the one
below including study guides, practice problems, reference materials, practice exams, textbook help and tutor support.
Course Hero has millions of student submitted documents similar to the one
below including study guides, practice problems, reference materials, practice exams, textbook help and tutor support.
Internet Inferring Worm Temporal Characteristics
Qian Wang1 , Zesheng Chen1 , Kia Makki1 , Niki Pissinou1 , and Chao Chen2 2 Department of Engineering of Electrical & Computer Engineering Florida International University Indiana University - Purdue University Fort Wayne Miami, FL 33174 Fort Wayne, IN 46805 E-mails: {qian.wang, zchen, makkik, pissinou}@fiu.edu E-mail: chen@engr.ipfw.edu
1 Department
Abstract-- Internet worm attacks pose a significant threat to network security. In this work, we coin the term Internet worm tomography as inferring the characteristics of Internet worms from the observations of Darknet or network telescopes that are routable but unused IP addresses. Under the framework of Internet worm tomography, we attempt to infer worm temporal behaviors such as the host infection time and the worm infection sequence, and thus pinpoint patient zero. Specifically, we introduce statistical estimation techniques and propose method of moments, maximum likelihood, and linear regression estimators. We show analytically and empirically that our proposed estimators can better infer worm temporal characteristics than a naive estimator that has been used in the previous work.
Counting & Projection
Darknet Observation
Worm Propagation Model
Statistical Model
Measurement Data
Detection & Inference
I. I NTRODUCTION Since Code Red and Nimda worms were released in 2001, epidemic-style attacks have caused enormous damages. Internet worms can spread so rapidly that existing defense systems cannot respond until they have infected most vulnerable hosts. For example, the Slammer worm infected more than 90% of vulnerable machines within 10 minutes on January 25th, 2003 [15]. Therefore, worm attacks present a significant threat to the Internet. To counteract these notorious epidemic-style attacks, many detection and defense strategies have been studied in recent years. According to where the detectors are located, these strategies can generally be classified into three categories: source detection and defense, locating infected hosts in the local networks [17], [11]; middle detection and defense, revealing the appearance of worms by analyzing the traffic going through routers [19], [8], [13]; and destination detection and defense, monitoring unwanted traffic arriving at Darknet or network telescopes, a globally routable address space where no active services or servers reside [1], [2], [3], [4], [5]. There are two types of Darknet: active Darknet that responds to malicious scans to elicit the payloads of the attacks [3], [4], and passive Darknet that observes unwanted traffic passively [2], [5]. In this work, we focus o...
Find millions of documents on Course Hero - Study Guides, Lecture Notes, Reference Materials, Practice Exams and more.
Course Hero has millions of course specific materials providing students with the best way to expand
their education.
Below is a small sample set of documents:
Below is a small sample set of documents:
Hamilton College - CS - 310
CS 310, Compilers Spring 2008Compiler, Phase I (Lexer)Introduction Standard Pascal is an imperative, structured, relatively simple language designed originally by Nicholas Wirth for the purpose of teaching computer science to beginners. In this pa
Hamilton College - CS - 111
CS 111 Fall 2008Data Structures SyllabusProfessor Alistair Campbell 8594377 acampbel@cs.hamilton.edu http:/www.cs.hamilton.edu/~acampbel http:/www.facebook.com/profile.php?id=829245244 AIM: CycleBrewer Office location: Ferry Building, second flo
Hamilton College - CS - 370
CS370 Fall2008PuzzlesolvingassignmentDuedates:(1)Tuesday30September2008,6pm;(2)Thursday9October2008,1pmIntroductionAnn*mpuzzleisaplanargridofnrowsandmcolumns,wherenm.Thegridhas n(m1)tilesnumbered1.nm1.Sincethereisoneblankareaonthegrid,thetilesc
Hamilton College - CS - 111
CS111/CS290 Fall2008Project2 CrusadexIntroduction Afillincrossword,alsoknownasacrusadex,isakindofcrosswordpuzzle.Arectangulargridof blackandwhitecellsisgiven,alongwithlistofwordstobefilledhorizontally(lefttoright)and vertically(toptobottom)intoth
Hamilton College - CS - 111
CS 111 Fall 2008Project 1: Some planar geometryIntroduction A point in the Cartesian plane is defined in one of two ways, either as a pair (x,y) representing the horizontal and vertical offset distances from the pole or origin (0,0); or as a pair
Hamilton College - CS - 310
CS 310, Compilers Spring 2008Compiler, Phase IV (Code Generation/Interpretation)Introduction Standard Pascal is an imperative, structured, relatively simple language designed originally by Nicholas Wirth for the purpose of teaching computer scienc
Hamilton College - CS - 310
CS 310, Compilers Spring 2008Compiler, Phase II (Parser)Introduction Standard Pascal is an imperative, structured, relatively simple language designed originally by Nicholas Wirth for the purpose of teaching computer science to beginners. In the p
Hamilton College - CS - 310
CS 310, Compilers Spring 2008Compiler, Phase III (Semantics/Type-checking)Introduction Standard Pascal is an imperative, structured, relatively simple language designed originally by Nicholas Wirth for the purpose of teaching computer science to b
FIU - BSC - 1011
A comparative overview of the Animal KingdomGeneral Features of AnimalsAnimals are the consumers of the Earth They are a very diverse group -However, they share major characteristics -Are heterotrophs -Are multicellular -Have cells without cell wa
UMass (Amherst) - M - 331
Homework 4: Due: during or before lecture on Friday, March 13. Since spring break starts on 3/14,the lecture on 3/13 will also be the deadline for turning in Homework 4. I will leave the homework envelopes outside my office door UNTIL 10 am Friday, a
UMass (Amherst) - LEGAL - 250
UMass (Amherst) - LEGAL - 250
THE FOLLOWING QUESTIONS AND COMMENTS SHOULD HELP YOU TO PREPARE FOR THE DISCUSSION OF JUDGMENT AT NUREMBERG AND OF HOW THE LESSONS OF THESE TRIALS RELATE TO ISSUES THAT WE DISCUSSED EARLIER IN THE SEMESTER:SOME QUESTIONS AND ISSUES RAISED BY THE FI
UMass (Amherst) - M - 233
Practice problems from old exams for math 233William H. Meeks III Disclaimer: Your instructor covers far more materials that we can possibly fit into a four/five questions exams. These practice tests are meant to give you an idea of the kind and var
UMass (Amherst) - MATH - 233
DEPARTMENT OF MATHEMATICS AND STATISTICS UNIVERSITY OF MASSACHUSETTS MATH 233 EXAM 1 Fall 2001NAME:Section Number:Instructor's Name:In problems that require reasoning, algebraic calculation, or the use of your graphing calculator, it is not s
UMass (Amherst) - M - 233
Review guide for midterm 1.February 2, 20091Basics.First we cover the basic definitions and then we go over related problems. Note that the material for the actual midterm may include material from the review guide for midterm 2. Before the ex
UMass (Amherst) - PHYS - 714
UMass (Amherst) - PHILO - 160
SYLLABUS Philosophy 100B Introduction to Philosophy Fall, 2007 MW 2:30 Thompson 104 Fred FeldmanThis course provides an introduction to philosophy by way of a discussion of three central philosophical problems - the problem of free will and determi
UMass (Amherst) - ECE - 242
ECE242: Data Structures and Algorithms PROGRAMMING PROJECT 4BINARY SEARCH TREES AND HASH TABLESNOTE : WE WILL BE USING THE SPECIFICATIONS AS A BASIS FOR EVALUATION. SO PLEASE CONFORM TO THE SPECIFICATIONS TO RECEIVE FULL CREDIT. Introduction and Pr
UMass (Amherst) - ECE - 572
ECE572 OptoelectronicsM. Fischetti 201 D Marcus Hall Department of Electrical and Computer Engineering University of Massachusetts Amherst, MA 01003 Fall 2008The crisis of Classical MechanicsAt the end of the XIX century classical physics consist
UMass (Amherst) - LING - 620
Seth Cable Spring 2009 The Semantics of Modals, Part 3: The Ordering Source 1 1. On Our Last Episode.Formal Semantics Ling 620We developed a semantics for modal auxiliaries in English, that achieved the goals in (1). (1) Overarching Analytic Goal
UMass (Amherst) - BIEP - 540
BE540Topic 1. Summarizing DataComputer Illustration: Epi InfoBE540 - Introduction to Biostatistics Computer Illustration Topic 1 Summarizing Data Software: Epi Info 2002A Visit to Yellowstone National Park, USASource: Chatterjee, S; Handco
UMass (Amherst) - ENGIN - 112
College of Engineering University of Massachusetts AmherstENGIN 112 Introduction to Electrical and Computer Engineering Fall 2008 Discussion A 8. Comparators, Encoders and Multiplexers1 Weve discussed a number of combinational circuits that ar
Kentucky - AEC - 302
University of KentuckyCollege of Agriculture Department of Agricultural EconomicsAEC 302 FALL 2003 Name Section Number EXAM III General Instructions: 1. 2. 3. 4. 5. 6. 7. Circle the appropriate answer on Section I. A calculator may be used. Notes
UMass (Amherst) - HIST - 180
How geologists thinkJohn McPheeIn this passage, author John McPhee is on a field trip with Kenneth Deffeyes, a professor of geology at Princeton University. While digging for rocks, the two men discuss plate-tectonic theory, the modern theory of "c
Kentucky - CHE - 101
Please write your name _1 Please write your student number _Third Midterm Exam CHE 101Answer each question in the space provided please. Use the backs of exam pages for scratch work only, the backs of exam pages will NOT be graded. Remember, that
Kentucky - CHE - 101
Themes From Oct. 31Energy output points from the citric acid cycleNADH and FADH2:Relay runners, passing high energy Hs to the top of a `water wheel' which they will drive, to produce more ATP.GTP, like ATP:explicit energy.The `average' eukar
UMass (Amherst) - POLSC - 356
University of Massachusetts Amherst Fall 2006 THE PROBLEMSPolitical Science 356 M.J. Peterson15 Sept. Exercise: Riot Control research hint: the full text of the CWC is available via http:/disarmament.un.org/TreatyStatus.nsf On August 24th 2006 Po
Kentucky - FIN - 464
Commercial Mortgage-Backed SecuritiesNational University of Singapore July 27, 2001Notes from lecture given by Brent Ambrose at National University of Singapore July 2001July 2001 Brent W. Ambrose, University of Kentucky 1COMMERICAL MORTGAGEBAC
Kentucky - MA - 551
[Munkres, Problem 6, page 181] Problem. Let (X, d) be a metric space. If f : X - X satisfies the condition d(f (x), f (y) = d(x, y) for all x, y X, then f is called an isometry of X. Show that if f is an isometry and X is compact, then f is bijectiv
Kentucky - MA - 321
MA/CS 321:001 MWF 11:0011:50 FB 213 Fall 2004Instructor: Russell Brown Oce: POT741 Phone: 257-3951 russell.brown@uky.eduAnnouncements. Homework 7 will be due on Monday, 1 November 2004. The exam will be delayed until Friday, 5 November 2004. Plea
UMass (Amherst) - BIEP - 540
PubHlth 540Hypothesis TestingPage 1 of 55Unit 7. Hypothesis TestingTopic1. The Logic of Hypothesis Testing . 2. Beware the Statistical Hypothesis Test . 3. Introduction to Type I, II Error and Statistical Power . 4. Normal: Test for , 2 Kno
Taylor IN - COS - 104
Telecommunications (Chapter 6)Thursday, September 26Agenda TWOtestimonies? Video 7:00 PM Thursday & Friday Questions? LectureAnalog vs. DigitalAnalog: signal of continuously varying strength and/or quality Digital: signal represente
Taylor IN - CSE - 121
While WaitingRichard Pattis quotes Programming languages, like pizzas, come in too sizes; too big and too small. The code for a computer system provides the ecology in which [more] code is born, matures, and dies. A well-designed habitat allows fo
Taylor IN - CSE - 280
Lisp-ish quotes while waiting "Lisp is a programmable programming language." - John Foderaro, CACM, September 1991 "One can even conjecture that Lisp owes its survival specifically to the fact that its programs are lists, which everyone, including
Duke - STA - 216
Bayesian Analysis of Structural Equation Models Sperm Motility Example Summary of sperm motility data Outcome Dose Mean SD Y1 0 88.4 9.21 8 76.1 7.54 24 82.1 15.6 72 77.2 13.3 Y2 0 0.219 0.013 8 0.216 0.013 24 0.207 0.012 72 0.206 0.020 Y3 0 25.5 2.7
Duke - STA - 216
STA 216, Generalized Linear Models, Lecture 8September 19, 2008High-dimensional PredictorsData Augmentation for Binary DataAlternatives to SSVSA variety of fast alternatives to SSVS have been proposed Many approaches rely on sparse maximum
Duke - STA - 216
STA 216 Generalized Linear ModelsMeets: 2:50-4:05 T/TH (Old Chem 025)Instructor: David Dunson 219A Old Chemistry, 684-8025 dunson@stat.duke.edu Teaching Assistant: Jenhwa Chu 114 Old Chemistry jenhwa@stat.duke.eduSTA 216 SyllabusTopics to be c
Duke - STA - 103
STA103 Spring 2001Name Circle section: F 8:00, F 9:10, F 10:30, F 11:50Diagnostic QuizSTA103 is more math-intensive than STA101 or STA102; you need to have completed at least MTH31 or its equivalent to do well in the class. The simple problems t
Duke - STA - 294
Pairwise comparison table Calculate all pairwise alignment scores and arrange them in a table S1 S2 S3 S4 S5 2 0 9 1S1 10 5 4 S2 10 25 8 S3 5 25 11 S4 4 8 11 S5 2 0 9 1Convert all score into distances . 1. FengDoolitle : D=log(SSrand)/(SmaxSrand)
Duke - STA - 216
STA 216 Fall 2000 Assignment 4 Refer to the binary regression O-ring example from class. 1. Write down the expression for the working response Z and the weights W for complementary log-log link. 2. Carry out k steps of the Fisher scoring algorithm us
Duke - STA - 216
alpha0alpha1pi[i]Y[i]for(i IN 1 : 24)alpha1 5.55112E-17 -0.2 -0.4 -0.6 10850 10900 10950 iteration 40.0 30.0 20.0 10.0 0.0alpha1 1.0 0.5 0.0 -0.5 -1.0 0 20 lag 40 1.0 0.5 0.0 -0.5 -1.0 2XWSXIURGHIDXRJPRGHO*UDSK
Duke - STA - 103
Multivariate probability distributions Often we are interested in more than 1 aspect of an experiment/trial Will have more than 1 random variable Interest the probability of a combination of events (results of the different aspects of the experim
Duke - STA - 104
STA 104 MTH 135Name: Probability First Test 2:10-3:30 pm Thursday, 3 October 1996This is a closed-book examination, so please do not refer to your notes, the text, or to any other books. If you dont understand something in one of the questions fe
Duke - STA - 216
STA 216 Fall 2000 Assignment 3 Refer to the O-ring example from class and the last assignment. Assume that you have M possible models (M1 , . . . , MM ) for O-ring failure and that you can calculate the posterior probability of each model (Mj |Y ). F
Taylor IN - COS - 381
1IntroductionFor this lab, you are going to begin the construction of your simulated computer. The resulting component of this assignment is a 32 32 register file, that is a set of 32 registers each of which is 32 bits in size. See Figure 5.7 in
Taylor IN - COS - 382
Lexical AnalysisJonathan GeislerFebrurary 8, 2006Jonathan GeislerLexical AnalysisLanguage RecognitionLets use the same grammar as Monday and validate a sentence for that grammar: 1/2.5=Jonathan GeislerLexical AnalysisParse treesThi
Duke - STA - 242
% D0 @8 3 @ 6 ( 6 d (' 6 ( D F ' 62 B (' 3 E ( 3A F @ 2A YB u 1 (A D B c 8 ( V H 9 E u x Rc G(D F Q( ( 0 ` W (A B W t CD B 3 B' F ( 3 @D F G 6C 3 C E5 d kl 35 (B D1 B Rc 1 ( Q(@ d 3A 6B G k 0 B2 3 D' C5 dj D i Q3 G@ A (C 3 9 9(@
Duke - STA - 242
' (' c 9rQI S a C S Y A sA A )`VAR%3yeav)wYBSVC%ifVWeC4d4VIi9zVQw9`T4BI9 VI9x3eC%BIH4ea4)iYwss vqUWVSBc4eaBSDBAb`4VIxEABYXDVADeWeS4`BYHVAR3R%BIp%eYBSR%Bfw9ESheapvCb`eAiShi}iYeRY S o S 9 A Sd W A G ( 9 c 9aAW A 9 Cf 9 9Q sr YW Y 9 cQ 9Q 9 Ca 9Q
Duke - STA - 244
STA2444/23/2003Take Home Final ExamDue 5/1/2003 by 5pm This is an open note/open book test. All work must be your own.Study of the growth of plants can be a crucial element in understanding how they compete for resources. For example, soybean
Duke - STA - 244
STA2444/7/2003Homework 7Due 4/14/2001 1. The matrix X(i) X(i) can be written as X(i) X(i) = X X - xi xi where xi is the ith row of X and X(i) is the matrix X with the ith row removed. Use this to show (X(i) X(i) )-1 = (X X)-1 + (X X)-1 xi xi (X
Duke - STA - 244
STA2441/15/2003Homework 2Due 1/22/2003 1. Write the following two way analysis of variance (AOV) model with interactions Yijk = + i + j + ij + with i = 1, 2, 3, j = 1, 2, k = 1, 2 in matrix notation. 2. Suppose we have a k k matrix S partition
Duke - STA - 244
STA2442/28/2005Homework 5Due 3/7/2001 1. For a random vector n , is called exchangeable if has the same distribution as any permutation of the vector . If is exchangeable, prove that E( ) = 1 ( ), and that the Cov( ) = has the forma a b .
Duke - STA - 244
STA2441/15/2001Homework 1Due 1/22/20011. Assume that we have a sample of size n where Y i = 0 + 1 Xi + e i and the errors ei are iid N (0, 2 ). (a) Find the maximum likelihood estimator of 2 , 2 . Hint: let = 2 and maximize. ^ (b) Under
Duke - STA - 103
j3{a" r"D jmR"jE9" "h9r! Em {"6{!9h4!" 6 Em!ED j RR4 Ew{9r4j 7"{h9 m!9 ' r9D jmREp"j7tj r7E{m!9 49 6r9BX EBr{p !4hD 3h b rq T1I b ` X '
Duke - STA - 244
STA2442/5/2005Homework 3Due 2/12/2001 1. Recall from class that a non-central 2 (m, ) can be represented as a Poisson mixture of central 2 random variables, where Y P (/2) and X|Y 2 (m + 2y, 0). Find the mean and variance of a non-central Chi-
Duke - STA - 103
p2hGuBgB@G8ey$uHx3G4(f'Be2Cy$02#dBr}X`v2!XhX1gB'0(fX`'dufdGF'0ffxEVz w Gxp( 7 7 C ) W!t h I# % %t 1` 1 # 3 h C h )t ) # % h c! !t c! ! E # W p p t T x` 1 h` q u@G f h g f d 8Ve (H f q u@G q u@G f h qp 8@ruf u Yr@ruiH f s f qp q u@G
Duke - STA - 103
v @ ' @ 9 u@4Cb'0B")Q~u5q d5s9tgts 84iq8qB")qYU'rRQuIQ8D ' @ R1p YV1 6 qY'AIqVIPUCg9dqd&FB6&BrV8AapQ6U@rTrR2EFQ9p$ @9 'Y T d ' '7 @ 1 x T1 f 9 TD1D d vgIG"dw6 rRQuh'C u@ qVIswqYb't@4ph'h'UCw|UCIqG4p0$ ' @ R1 d T ') ` d T T d p 4g9bdqdF
Duke - STA - 244
STA2444/9/2002Homework 7Due 4/16/2001 1. Problem 15.7 in CW. To obtain case diagnostics in S-Plus, fit a model using the QR option, i.e. mylm.obj <- lm(Y X1 + X2, data=mydataframe, qr=T) To obtain the case diagnostics, use the function ls.diag(
Duke - STA - 103
g c gycp x c j e d p p x uy e d t r ey c d pc p e ~isq~n"cfreqqg "q%tsmis|q~g c d uc u xe x c d c p | pe re c jl s'}ers weup1Wy~y sfesqk qknk yc d ey c d pc p e g p upp rcyc u t yc t r sc q%qe srs|q~nuc1ux%q Tssxv3s"9 a p p x uy e d
Duke - STA - 103
h7W9AAP Br2rW 014sGC3 d bc2G90'DbcGAVb{b652IIr2B@I65{Dbfb8fD28fS65rS6db`U01`@DrA 3 q l P 37A) w v 3 H7 9 H7 1 3)7 5 PW ')CA97 3 7) H7 v 5 ) iuxhfi xh F 3A w v d w 3 ) d 3 97) H42FtSt2PzBBbH G9BSG942@Dp2tbI@b822@01b01b6501SxSH s 7 PA 9 H7 9A Q9A