Skip navigation
Skip navigation
You are using an outdated browser. Please upgrade your browser.

Defense and Detection Strategies against Internet Worms offers insight into worm trends and behavior, providing practical protection techniques

London.– Oct 27, 2003 – Arbor Networks™, the leading provider of network anomaly detection solutions, today announced the publication of Defense and Detection Strategies against Internet Worms (ISBN 1-58053-537-2), authored by Arbor Networks worm researcher and software engineer Dr. Jose Nazario. The book, published by Artech House Publishers, a leading publisher of books and software for high tech professionals, is available now.

"The recent history of worms, viruses, and widespread vulnerabilities indicates that global security threats have dramatically escalated in impact and frequency. The Internet ecology — in which increasingly sophisticated worm code takes advantage of persistent, ubiquitous vulnerabilities — is, and always will be, fertile ground for new attacks,” said Dr. Nazario. “To address these issues, new breeds of detection and defense systems are emerging, including anomaly detection systems, which assist in the characterization of zero-day threats. The impact of this technology is becoming apparent, but the arms race between attackers and defenders continues."

Arbor's ongoing monitoring of global worm activity supports this hypothesis: Code Red, Nimda, and Blaster currently account for over 32,000 unique infected systems each day on the Internet. These infection rates are particularly vexing considering that Code Red and Nimda, which account for more than half of this total, are two years old. To date, Arbor’s monitoring system has observed more than 5 million unique Code Red sources and over 275,000 unique Blaster worm source addresses. Collectively, these infected hosts generate more than 20 million infection attempts per day.

Defense and Detection Strategies against Internet Worms enables security and network managers to put these rising worm trends into perspective with practical instruction in detection and defense techniques utilizing data from live networks, real IP addresses, and commercial tools. The book explains classifications and groupings of worms, and offers a deeper understanding of how they threaten network and system security.

After examining how a worm is constructed and how its major life cycle steps are implemented, the book reviews how worm targets are changing to yield more devastating impact. Moreover, the book evaluates the strengths and weaknesses of three different detection approaches: traffic analysis, honeypots and dark network monitors, and signature analysis. The book concludes with a discussion of four effective defenses against network worms, including host-based defenses; network firewalls and filters; application layer proxies; and direct attacks on the worm network itself.

About the Author

Dr. Jose Nazario is a worm researcher and senior software engineer at Arbor Networks. Dr. Nazario’s research interests include large-scale Internet trends such as reachability and topology measurement, Internet events such as DDoS attacks and worms, source code analysis methods and datamining. He routinely writes and speaks on Internet security in forums that include NANOG, USENIX Security, BlackHat Briefings, CanSecWest and SANS. Dr. Nazario holds a Ph.D. in biochemistry from Case Western Reserve University.

Note to the media: Dr. Nazario is available to discuss the findings of his book, and generally to provide insight and commentary on worms and related Internet security issues. To arrange a conversation with Dr. Nazario or request a review copy of the book, please contact Jess Hawks of Arbor Networks, at (781) 738 6508 or

About Arbor Networks

Arbor’s network-wide anomaly detection solutions protect organizations from zero-day security threats like DDoS attacks and worms, and operational vulnerabilities like peering issues and routing instability. Built upon the proven Peakflow platform, Arbor solutions provide a holistic, real-time model of network activity enabling organizations to better align network operations with business objectives. Funded by Battery Ventures, Thomas Weisel Venture Partners, Cisco Systems, Comcast Interactive Capital, SAIC Venture Capital Corporation, Ironside Ventures and EDF Ventures, Arbor is headquartered in Lexington, MA, with a research and development office in Ann Arbor, MI and EMEA headquarters in London. For more information, visit

About Artech House

Artech House is a leading publisher of cutting-edge books for professionals and students in a broad range of high-tech subjects, ranging from wireless communications to software engineering and project management. With offices in Boston and London, Artech House is a subsidiary of Horizon House Publications, Inc., publisher of the internationally acclaimed magazines Telecommunications®, Microwave Journal®, and the Journal of Electronic Defense®. For more information, visit


Copyright (c) 2001-2003 Arbor Networks, Inc. All rights reserved. Arbor Networks, the Arbor Networks logo, Peakflow and the Peakflow logo, and ArbOS are trademarks of Arbor Networks, Inc. in the USA and other countries. All other trademarks are the property of their respective owners.


Jess Hawks

Arbor Networks

+1 781 768 3253

+1 617 738 6508 (mobile)

PR Contact

Mo Murphy


+44 (0)207 686 0625

This press release was distributed by ResponseSource Press Release Wire on behalf of Arbor Networks in the following categories: Consumer Technology, Personal Finance, Business & Finance, Computing & Telecoms, for more information visit