Scanning worm detection with ARP anomaly in local area network

Jianwei Sun; Junkai Yi

Scanning worm detection with ARP anomaly in local area network

Jianwei Sun^*
, Junkai Yi

^*Corresponding author for this work

Beijing Institute of Technology

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Local area network (LAN) is usually partitioned into multiple Virtual LANs (VLAN). A scanning worm targeting systems within its own VLAN exhibits anomalous behavior distinct from normal Address Resolution Protocol (ARP) activity. The paper proposes an anomaly-based detection technique based on the ARP activities of individual host to detect propagation of scanning worms. Our experiments indicate that this technique is both accurate and rapid to detect and contain the worm propagation in LAN.

Original language	English
Title of host publication	Proceedings of the Fifth IASTED International Conference on Communications, Internet, and Information Technology, CIIT 2006
Pages	155-159
Number of pages	5
Publication status	Published - 2006
Externally published	Yes
Event	5th IASTED International Conference on Communications, Internet, and Information Technology, CIIT 2006 - St. Thomas, US Virgin Islands, United States Duration: 29 Nov 2006 → 1 Dec 2006

Publication series

Name	Proceedings of the Fifth IASTED International Conference on Communications, Internet, and Information Technology, CIIT 2006

Conference

Conference	5th IASTED International Conference on Communications, Internet, and Information Technology, CIIT 2006
Country/Territory	United States
City	St. Thomas, US Virgin Islands
Period	29/11/06 → 1/12/06

Keywords

Address Resolution Protocol (ARP)
Anomaly detection
Scanning worm

Cite this

@inproceedings{ccb7305a299b4a4e8f8ba217c6b7ed4d,

title = "Scanning worm detection with ARP anomaly in local area network",

abstract = "Local area network (LAN) is usually partitioned into multiple Virtual LANs (VLAN). A scanning worm targeting systems within its own VLAN exhibits anomalous behavior distinct from normal Address Resolution Protocol (ARP) activity. The paper proposes an anomaly-based detection technique based on the ARP activities of individual host to detect propagation of scanning worms. Our experiments indicate that this technique is both accurate and rapid to detect and contain the worm propagation in LAN.",

keywords = "Address Resolution Protocol (ARP), Anomaly detection, Scanning worm",

author = "Jianwei Sun and Junkai Yi",

year = "2006",

language = "English",

isbn = "9780889866157",

series = "Proceedings of the Fifth IASTED International Conference on Communications, Internet, and Information Technology, CIIT 2006",

pages = "155--159",

booktitle = "Proceedings of the Fifth IASTED International Conference on Communications, Internet, and Information Technology, CIIT 2006",

note = "5th IASTED International Conference on Communications, Internet, and Information Technology, CIIT 2006 ; Conference date: 29-11-2006 Through 01-12-2006",

}

Sun, J & Yi, J 2006, Scanning worm detection with ARP anomaly in local area network. in Proceedings of the Fifth IASTED International Conference on Communications, Internet, and Information Technology, CIIT 2006. Proceedings of the Fifth IASTED International Conference on Communications, Internet, and Information Technology, CIIT 2006, pp. 155-159, 5th IASTED International Conference on Communications, Internet, and Information Technology, CIIT 2006, St. Thomas, US Virgin Islands, United States, 29/11/06.

Scanning worm detection with ARP anomaly in local area network. / Sun, Jianwei; Yi, Junkai.
Proceedings of the Fifth IASTED International Conference on Communications, Internet, and Information Technology, CIIT 2006. 2006. p. 155-159 (Proceedings of the Fifth IASTED International Conference on Communications, Internet, and Information Technology, CIIT 2006).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Scanning worm detection with ARP anomaly in local area network

AU - Sun, Jianwei

AU - Yi, Junkai

PY - 2006

Y1 - 2006

N2 - Local area network (LAN) is usually partitioned into multiple Virtual LANs (VLAN). A scanning worm targeting systems within its own VLAN exhibits anomalous behavior distinct from normal Address Resolution Protocol (ARP) activity. The paper proposes an anomaly-based detection technique based on the ARP activities of individual host to detect propagation of scanning worms. Our experiments indicate that this technique is both accurate and rapid to detect and contain the worm propagation in LAN.

AB - Local area network (LAN) is usually partitioned into multiple Virtual LANs (VLAN). A scanning worm targeting systems within its own VLAN exhibits anomalous behavior distinct from normal Address Resolution Protocol (ARP) activity. The paper proposes an anomaly-based detection technique based on the ARP activities of individual host to detect propagation of scanning worms. Our experiments indicate that this technique is both accurate and rapid to detect and contain the worm propagation in LAN.

KW - Address Resolution Protocol (ARP)

KW - Anomaly detection

KW - Scanning worm

UR - https://www.scopus.com/pages/publications/38349083216

M3 - Conference contribution

AN - SCOPUS:38349083216

SN - 9780889866157

T3 - Proceedings of the Fifth IASTED International Conference on Communications, Internet, and Information Technology, CIIT 2006

SP - 155

EP - 159

BT - Proceedings of the Fifth IASTED International Conference on Communications, Internet, and Information Technology, CIIT 2006

T2 - 5th IASTED International Conference on Communications, Internet, and Information Technology, CIIT 2006

Y2 - 29 November 2006 through 1 December 2006

ER -

Scanning worm detection with ARP anomaly in local area network

Abstract

Publication series

Conference

Keywords

Other files and links

Fingerprint

Cite this