The detection of RCS worm epidemics

Kurt Rohloff, Tamer Başar

Research output: Chapter in Book/Report/Conference proceedingConference contribution


This paper discusses the problem of automatically detecting the existence of Random Constant Scanning (RCS) worm epidemics on the Internet by observing packet traffic in a local network. The propagation of the RCS worm is modelled as a simple epidemic. An optimal hypothesis-testing approach is presented to detect simple epidemics under idealized conditions baaed on the cumulative sums of log-likelihood ratios. It is shown that there are limitations on the ability of this optimal method to detect several important subclasses of RCS worm epidemics even under idealized conditions.

Original languageEnglish (US)
Title of host publicationWORM'05 - Proceedings of the 2005 ACM Workshop on Rapid Malcode
EditorsA.D. Keromytis
Number of pages6
StatePublished - 2005
EventWORM'05 - 2005 ACM Workshop on Rapid Malcode - Farfax, VA, United States
Duration: Nov 11 2005Nov 11 2005

Publication series

NameWORM'05 - Proceedings of the 2005 ACM Workshop on Rapid Malcode


OtherWORM'05 - 2005 ACM Workshop on Rapid Malcode
Country/TerritoryUnited States
CityFarfax, VA


  • Experimentation
  • Security
  • Theory

ASJC Scopus subject areas

  • General Engineering


Dive into the research topics of 'The detection of RCS worm epidemics'. Together they form a unique fingerprint.

Cite this