A Behavioral Approach to Worm Detection


Thursday, September 15, 2005 - 11:09am


Dan Ellis, Senior Information Security Scientist, MITRE

Network worms can spread across an enterprise in seconds (or less!). They can carry arbitrary payloads. Further, worms can be launched with little to no warning and may exploit a flaw previously unknown. We describe an approach for performing real-time detection and response of network worms in an enterprise setting and discuss its effectiveness. We also describe how we are safely testing this capability in an operational setting.


Dan completed his Bachelor's degree in Computer Science in April 1999. He started a Ph.D. in computer science at UC Santa Barbara the following fall. In 2001, he started working at MITRE, where he began a research program investigating mobile malicious code, which has dominated his interests since. He also transferred into the Ph.D. program for Information Technology at George Mason University while working at MITRE. He expects to finish his Ph.D. within the next year. Of course, he said that last year, too.