R. Anderson, E. Biham, and L. Knudsen. Serpent: A Proposal for the Advanced Encryption Standard.
B. Bloom. Space/Time Trade-offs in Hash Coding with Allowable Errors. CACM, July 1970.
CERT. CERT Advisory CA-2001-26 Nimda Worm, http://www.cert.org/advisories/ca-2001-26.html.
CERT. Code Red II: Another Worm Exploiting Buffer Overflow in IIS Indexing Service DLL, http://www.cert.org/incident-notes/in-2001-09.html.
S. Crosby and D. Wallach. Denial of Service via Algorithmic Complexity Attacks. In Proceedings of the 12th USENIX Security Symposium. USENIX, August 2003.
Deter: A laboratory for security research, http://www.isi.edu/deter/.
eEye Digital Security. .ida "Code Red" Worm, http://www.eeye.com/html/Research/Advisories/AL20010717.html.
K. Egevang and P. Francis. RFC 1631 - The IP Network Address Translator (NAT).
L. T. Heberlein, G. Dias, K. Levitt, B. Mukerjee, J. Wood, and D. Wolber. A Network Security Monitor. In Proceedings of the IEEE Symposium on Research in Security and Privacy, 1990.
J. Jung, V. Paxson, A. W. Berger, and H. Balakrishnan. Fast Portscan Detection Using Sequential Hypothesis Testing. In 2004 IEEE Symposium on Security and Privacy, to appear, 2004.
J. Jung, S. Schechter, and A. Berger. Fast Detection of Scanning Worm Infections, in submission.
E. Kohler, R. Morris, B. Chen, J. Jannotti, and M. F. Kaashoek. The Click Modular Router. ACM Transactions on Computer Systems, 18(3):264–297, August 2000.
C. Leckie and R. Kotagiri. A Probabilistic Approach to Detecting Network Scans. In Proceedings of the Eighth IEEE Network Operations and Management Symposium (NOMS 2002), 2002.
D. Moore, V. Paxson, S. Savage, C. Shannon, S. Staniford, and N. Weaver. Inside the Slammer Worm. IEEE Magazine of Security and Privacy, pages 33–39, July/August 2003.
D. Moore, C. Shannon, G. M. Voelker, and S. Savage. Internet Quarantine: Requirements for Containing Self-propagating Code, 2003.
M. Networks. http://www.miragenetworks.com/.
D. Nojiri, J. Rowe, and K. Levitt. Cooperative Response Strategies for Large Scale Attack Mitigation. In Proc. DARPA DISCEX III Conference, 2003.
H. Packard. Connection-rate filtering based on virus-throttling technology, http://www.hp.com/rnd/pdf_html/virus-throttling_tech_brief.htm.
V. Paxson. Bro: a System for Detecting Network Intruders in Real-Time. Computer Networks, 31(23-24):2435–2463, 1999.
D. Plummer. RFC 826 - Ethernet Address Resolution Protocol.
G. Project. Gnutella, A Protocol for Revolution, http://rfc-gnutella.sourceforge.net/.
S. Robertson, E. V. Siegel, M. Miller, and S. J. Stolfo. Surveillance Detection in High Bandwidth Environments. In Proc. DARPA DISCEX III Conference, 2003.
S. E. Schechter, J. Jung, and A. W. Berger. Fast Detection of Scanning Worm Infections. In Proceedings of the Seventh International Symposium on Recent Advances in Intrusion Detection (RAID 2004), Sept. 15-17, 2004.
Silicon Defense. Countermalice Worm Containment, http://www.silicondefense.com/products/countermalice/.
Snort.org. Snort, the Open Source Network Intrusion Detection System, http://www.snort.org/.
S. Staniford. Containment of Scanning Worms in Enterprise Networks. Journal of Computer Security, to appear, 2004.
S. Staniford, J. Hoagland, and J. McAlerney. Practical Automated Detection of Stealthy Portscans. Journal of Computer Security, 10:105–136, 2002.
S. Staniford and C. Kahn. Worm Containment in the Internal Network. Technical report, Silicon Defense, 2003.
S. Staniford, V. Paxson, and N. Weaver. How to Own the Internet in Your Spare Time. In Proceedings of the 11th USENIX Security Symposium. USENIX, August 2002.
Symantec. W32.blaster.worm, http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html.
J. Twycross and M. M. Williamson. Implementing and Testing a Virus Throttle. In Proceedings of the 12th USENIX Security Symposium. USENIX, August 2003.
N. Weaver, V. Paxson, S. Staniford, and R. Cunningham. A Taxonomy of Computer Worms. In The First ACM Workshop on Rapid Malcode (WORM), 2003.
B. White, J. Lepreau, L. Stoller, R. Ricci, S. Guruprasad, M. Newbold, M. Hibler, C. Barb, and A. Joglekar. An integrated experimental environment for distributed systems and networks. In Proc. of the Fifth Symposium on Operating Systems Design and Implementation, pages 255–270, Boston, MA, Dec. 2002. USENIX Association.
D. Whyte, P. van Oorschot, and E. Kranakis. ARP-based detection of scanning worms within an enterprise network. In Proceedings of Annual Computer Security Applications Conference (ACSAC 2005), Tucson, AZ, December 2005.
M. M. Williamson. Throttling Viruses: Restricting Propagation to Defeat Mobile Malicious Code. In ACSAC, 2002.
Xilinx Inc. Xilinx ML300 Development Platform, http://www.xilinx.com/products/boards/ml300/.
C. C. Zou, W. Gong, and D. Towsley. Worm Propagation Modeling and Analysis under Dynamic Quarantine Defense. In The First ACM Workshop on Rapid Malcode (WORM), 2003.