FIRST - Improving Security Together 18th Annual FIRST Conference - June 2006 - Baltimore, Maryland

Building and Deploying Billy Goat: a Worm-Detection System







Platinum Sponsor

BT



Silver Sponsor

Diageo



Local Host

CERT Coordination Center



Supporting Sponsors

Sun



Google



Hitachi



ISS



E-Secure-IT

Korea CertCC



Conference Schedule

Technical Track

Thursday – June 29th, 14:00

Billy Goat is a worm detection system widely deployed throughout IBM and several other corporate networks. We describe the tools and constructions that we have used in the implementation and deployments of the system, and discuss contributions which could be useful in the implementation of other similar systems. We also discuss the features and requirements of worm detection systems in general, and how they are addressed by Billy Goat, allowing it to perform reliably in terms of scalability, accuracy, resilience and rapidity in detection and identification of worms without false positives.

Authors & presenters

  • CHDiego Zamboni (IBM MSS – IBM Zurich Reserch Laboratory, CH)

  • CHJames Riordan Presenter (IBM MSS – IBM Zurich Reserch Laboratory, CH)

  • CHYann Duponchel (IBM MSS – IBM Zurich Reserch Laboratory, CH)


Conference Schedule