HoneyStat: Local Worm Detection Using Honeypots

Download PDF
Open Webpage

David Dagon, Xinzhou Qin, Guofei Gu, Wenke Lee, Julian B. Grizzard, John G. Levine, Henry L. Owen

Published: 2004, Last Modified: 13 May 2025RAID 2004EveryoneRevisionsBibTeXCC BY-SA 4.0
Abstract: Worm detection systems have traditionally used global strategies and focused on scan rates. The noise associated with this approach requires statistical techniques and large data sets (e.g., 220 monitored machines) to yield timely alerts and avoid false positives. Worm detection techniques for smaller local networks have not been fully explored.