Abstract
Node behavior profiling is a promising tool in many aspects of network security, especially in malware detection. In this paper, based on node behavior profiles proposed in the literature, we propose a fast anomaly detection scheme using SPRT (Sequential Probability Ratio Test) for malware/worm detection. The key idea of this paper is, instead of checking most of the nodes in a network, only a small number of sample nodes are required for detection with the help of SPRT. In our initial studies, we evaluate the fast detection scheme using real enterprise data (LBNL traces). The results show that the fast detection scheme achieves good performances in terms of low false positive and high detection rates.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
