Scanning Worm Detection with ARP Anomaly in Local Area Network

J. Sun and J. Yi (PRC)

Keywords

Address Resolution Protocol (ARP), Anomaly Detection, Scanning Worm

Abstract

A local area network (LAN) is usually partitioned into multiple virtual LANs (VLANs). A scanning worm targeting systems within its own VLAN exhibits anomalous behavior distinct from normal Address Resolution Protocol (ARP) activity. The paper proposes an anomaly-based detection technique that uses the ARP activity of individual hosts to detect the propagation of scanning worms. Our experiments indicate that this technique detects and contains worm propagation in a LAN both accurately and rapidly.
