Ohio State University researcher Ness Shroff and colleagues say their technique can automatically detect, within minutes, when an Internet worm has infected a computer network, allowing administrators to isolate the infected machines and hold them in quarantine for repairs.
"These worms spread very quickly," Shroff said. "They flood the 'Net with junk traffic and, at their most benign, they overload computer networks and shut them down."
The researchers said the key to the new technique is for software to monitor the number of scans that machines on a network send out. When a machine starts sending out too many scans -- a sign that it has been infected -- administrators should take it offline and check for viruses.
In simulations they were able to prevent the spread of worm infections to less than 150 hosts on the whole Internet, 95 percent of the time.
The technique is described in the journal IEEE Transactions on Dependable and Secure Computing.