Detecting worms based on candidate combination frequent pattern in Internet backbones
基于候选组合频繁模式的骨干网蠕虫检测研究

The present worm detection methods have been mostly based on packets and less with IP flows in Internet backbones. They also cannot accurately describe the worm's scan-pattern. A method was presented to detect worms in Internet Backbones with flow data circumstance. First, find suspicious hosts by checking the increasing coefficients of Flow Activity Degree and Destination IP Address. Then, detect worms based on Candidate Combination Frequent Pattern Mining (CCFPM) algorithm. The results show that this meth...