Throttling Viruses: Restricting propagation to defeat malicious mobile code
ACSAC '02 Proceedings of the 18th Annual Computer Security Applications Conference
Countering code-injection attacks with instruction-set randomization
Proceedings of the 10th ACM conference on Computer and communications security
Simulating realistic network worm traffic for worm warning system design and testing
Proceedings of the 2003 ACM workshop on Rapid malcode
Worm propagation modeling and analysis under dynamic quarantine defense
Proceedings of the 2003 ACM workshop on Rapid malcode
ICDCS '04 Proceedings of the 24th International Conference on Distributed Computing Systems (ICDCS'04)
Toward understanding distributed blackhole placement
Proceedings of the 2004 ACM workshop on Rapid malcode
Preliminary results using scale-down to explore worm dynamics
Proceedings of the 2004 ACM workshop on Rapid malcode
Proceedings of the 2004 ACM workshop on Rapid malcode
Polygraph: Automatically Generating Signatures for Polymorphic Worms
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Worm evolution tracking via timing analysis
Proceedings of the 2005 ACM workshop on Rapid malcode
Hamsa: Fast Signature Generation for Zero-day PolymorphicWorms with Provable Attack Resilience
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Visual toolkit for network security experiment specification and data analysis
Proceedings of the 3rd international workshop on Visualization for computer security
Building a time machine for efficient recording and retrieval of high-volume network traffic
IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
Very fast containment of scanning worms
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
An architecture for generating semantics-aware signatures
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
Testbed for evaluating worm containment systems
Proceedings of the 5th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
Isolated virtualised clusters: testbeds for high-risk security experimentation and training
CSET'10 Proceedings of the 3rd international conference on Cyber security experimentation and test
| Hi-index | 0.00 |
The advantage of collaborative containment over independent block or address blacklisting on worm defense has been advocated in previous worm studies. In this work, we will evaluate two collaborative worm containment proposals and present some of the results of our DETER emulation experiments. In the first one, proactive worm containment (PWC), security agents block all suspicious hosts on the network on receiving alerts of a worm and run "relaxation analysis" on those blocked hosts afterwards. Emulation experiments will evaluate PWC's ability to stop the propagation of fast local worms and to reduce scan traffic of fast global scanning worms. The second proposal, which detects and contains a scanning worm based on the concept of dark port, focuses on stealthy worms that target only specific local networks or enterprise networks. Emulation experiments run on the DETER testbed demonstrate the efficiency of local scanning worms and their elevated threat to enterprise networks. The effectiveness of a collaborative containment strategy based on dark port detection is evaluated using DETER emulation and compared with that of individual address blacklisting.