Network Worm Detection Using Markov's and Cantelli's Inequalities

This paper presents a method of detecting network worms, which makes use of Markov's and Cantelli's statistical inequalities. This method is compared with a detection method based on one used in a commercial security product, using a data set consisting of over 3 million packets sampled from an enterprise network. The Markov-Cantelli detection method produces considerably fewer false alarms than the comparison method.