{"id":"https://openalex.org/W4289856816","doi":"https://doi.org/10.1109/tdsc.2022.3194127","title":"On the Detection of Smart, Self-Propagating Internet Worms","display_name":"On the Detection of Smart, Self-Propagating Internet Worms","publication_year":2022,"publication_date":"2022-08-05","ids":{"openalex":"https://openalex.org/W4289856816","doi":"https://doi.org/10.1109/tdsc.2022.3194127"},"language":"en","primary_location":{"id":"doi:10.1109/tdsc.2022.3194127","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2022.3194127","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100361875","display_name":"Jun Li","orcid":"https://orcid.org/0000-0002-5308-5672"},"institutions":[{"id":"https://openalex.org/I181233156","display_name":"University of Oregon","ror":"https://ror.org/0293rh119","country_code":"US","type":"education","lineage":["https://openalex.org/I181233156"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jun Li","raw_affiliation_strings":["Department of Computer and Information Science, University of Oregon, Eugene, OR, USA"],"raw_orcid":"https://orcid.org/0000-0002-5308-5672","affiliations":[{"raw_affiliation_string":"Department of Computer and Information Science, University of Oregon, Eugene, OR, USA","institution_ids":["https://openalex.org/I181233156"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5085277268","display_name":"Devkishen Sisodia","orcid":"https://orcid.org/0000-0002-2018-1406"},"institutions":[{"id":"https://openalex.org/I181233156","display_name":"University of Oregon","ror":"https://ror.org/0293rh119","country_code":"US","type":"education","lineage":["https://openalex.org/I181233156"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Devkishen Sisodia","raw_affiliation_strings":["Department of Computer and Information Science, University of Oregon, Eugene, OR, USA"],"raw_orcid":"https://orcid.org/0000-0002-2018-1406","affiliations":[{"raw_affiliation_string":"Department of Computer and Information Science, University of Oregon, Eugene, OR, USA","institution_ids":["https://openalex.org/I181233156"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5048809649","display_name":"Shad Stafford","orcid":"https://orcid.org/0000-0002-0719-099X"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Shad Stafford","raw_affiliation_strings":["Palo Alto Software, Eugene, OR, USA"],"raw_orcid":"https://orcid.org/0000-0002-0719-099X","affiliations":[{"raw_affiliation_string":"Palo Alto Software, Eugene, OR, USA","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.4278,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.63369375,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":96},"biblio":{"volume":"20","issue":"4","first_page":"3051","last_page":"3063"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/sword","display_name":"SWORD","score":0.812311053276062},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7827210426330566},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.6461942195892334},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6229656934738159},{"id":"https://openalex.org/keywords/trace","display_name":"TRACE (psycholinguistics)","score":0.5677872896194458},{"id":"https://openalex.org/keywords/focus","display_name":"Focus (optics)","score":0.46802908182144165},{"id":"https://openalex.org/keywords/botnet","display_name":"Botnet","score":0.4311607778072357},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.13818123936653137}],"concepts":[{"id":"https://openalex.org/C2781424646","wikidata":"https://www.wikidata.org/wiki/Q7395200","display_name":"SWORD","level":2,"score":0.812311053276062},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7827210426330566},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.6461942195892334},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6229656934738159},{"id":"https://openalex.org/C75291252","wikidata":"https://www.wikidata.org/wiki/Q1315756","display_name":"TRACE (psycholinguistics)","level":2,"score":0.5677872896194458},{"id":"https://openalex.org/C192209626","wikidata":"https://www.wikidata.org/wiki/Q190909","display_name":"Focus (optics)","level":2,"score":0.46802908182144165},{"id":"https://openalex.org/C22735295","wikidata":"https://www.wikidata.org/wiki/Q317671","display_name":"Botnet","level":3,"score":0.4311607778072357},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.13818123936653137},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C120665830","wikidata":"https://www.wikidata.org/wiki/Q14620","display_name":"Optics","level":1,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C41895202","wikidata":"https://www.wikidata.org/wiki/Q8162","display_name":"Linguistics","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tdsc.2022.3194127","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2022.3194127","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G6781553203","display_name":null,"funder_award_id":"0644434","funder_id":"https://openalex.org/F4320335353","funder_display_name":"National Science Foundation of Sri Lanka"}],"funders":[{"id":"https://openalex.org/F4320335353","display_name":"National Science Foundation of Sri Lanka","ror":"https://ror.org/010xaa060"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":31,"referenced_works":["https://openalex.org/W88694106","https://openalex.org/W1498585374","https://openalex.org/W1527422375","https://openalex.org/W1586871184","https://openalex.org/W1597305440","https://openalex.org/W1775772884","https://openalex.org/W1913575206","https://openalex.org/W2100198871","https://openalex.org/W2102970979","https://openalex.org/W2104966990","https://openalex.org/W2105014180","https://openalex.org/W2105140491","https://openalex.org/W2111571136","https://openalex.org/W2114996745","https://openalex.org/W2133580356","https://openalex.org/W2151996777","https://openalex.org/W2310815985","https://openalex.org/W2748868501","https://openalex.org/W2912751985","https://openalex.org/W2929305171","https://openalex.org/W3102758057","https://openalex.org/W3111390419","https://openalex.org/W3159521830","https://openalex.org/W6603729080","https://openalex.org/W6629791766","https://openalex.org/W6634996908","https://openalex.org/W6635716266","https://openalex.org/W6638021444","https://openalex.org/W6675416627","https://openalex.org/W6743493502","https://openalex.org/W6794840795"],"related_works":["https://openalex.org/W4388437661","https://openalex.org/W2807752174","https://openalex.org/W3144335818","https://openalex.org/W2798475058","https://openalex.org/W4254099759","https://openalex.org/W4255153174","https://openalex.org/W606096353","https://openalex.org/W2294483539","https://openalex.org/W4312540572","https://openalex.org/W2808320746"],"abstract_inverted_index":{"Self-propagating":[0],"worms":[1,63,72],"can":[2],"infect":[3],"millions":[4],"of":[5,105,112,124],"computers":[6],"on":[7,61,88,120],"the":[8,17,89,102,121,147],"Internet":[9,90],"in":[10,97],"just":[11],"several":[12],"minutes.":[13],"As":[14],"witnessed":[15],"by":[16],"recent":[18],"Mirai":[19,163],"and":[20,28,77,135,146,160,181],"WannaCry":[21],"worms,":[22,84,184,188],"worm":[23,34,50,95,116,158,164],"attacks":[24],"are":[25,192],"real,":[26],"destructive,":[27],"continue":[29],"to":[30,82,131,136,172],"persist.":[31],"Although":[32],"many":[33,78],"detectors":[35,174],"exist,":[36],"most":[37],"that":[38,118,168,191],"we":[39,166],"studied":[40],"suffer":[41],"from":[42,49,134],"three":[43],"drawbacks:":[44],"none":[45],"systematically":[46],"consider":[47],"countermeasures":[48],"authors,":[51],"potentially":[52],"causing":[53],"low":[54],"effectiveness":[55],"against":[56,70],"evasive":[57,182],"worms;":[58],"all":[59],"focus":[60],"outbound":[62,183],"leaving":[64,67],"a":[65,74,114,137,161],"network,":[66,139],"their":[68,86],"efficacy":[69],"inbound":[71,187],"entering":[73],"network":[75],"unanswered;":[76],"require":[79],"bi-directional":[80],"traffic":[81,159],"detect":[83],"making":[85],"placement":[87],"inflexible.":[91],"We":[92,108],"therefore":[93],"revisit":[94],"detection":[96],"this":[98],"paper,":[99],"while":[100],"avoiding":[101],"aforementioned":[103],"drawbacks":[104],"existing":[106,173],"work.":[107],"describe":[109],"our":[110],"design":[111],"SWORD,":[113],"new":[115],"detector":[117],"focuses":[119],"fundamental":[122],"behavior":[123],"worms.":[125],"It":[126],"includes":[127],"two":[128],"complementary":[129],"modules":[130],"monitor":[132],"connections":[133],"protected":[138],"with":[140],"one":[141],"module":[142],"monitoring":[143],"burst":[144],"durations":[145],"other":[148],"ensuring":[149],"quiescent":[150],"periods.":[151],"Via":[152],"extensive":[153],"experiments":[154],"using":[155],"both":[156,179],"simulated":[157],"real-world":[162],"trace,":[165],"demonstrate":[167],"SWORD":[169],"is":[170],"superior":[171],"at":[175],"not":[176],"only":[177],"detecting":[178],"classic":[180],"but":[185],"also":[186],"especially":[189],"those":[190],"superspreading":[193],"or":[194],"surreptitious.":[195]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":1}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}