IEEE/ACM Transactions on Networking (TON)
How to Own the Internet in Your Spare Time
Proceedings of the 11th USENIX Security Symposium
Throttling Viruses: Restricting propagation to defeat malicious mobile code
ACSAC '02 Proceedings of the 18th Annual Computer Security Applications Conference
Design, Implementation and Test of an Email Virus Throttle
ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
Defense and Detection Strategies against Internet Worms
Defense and Detection Strategies against Internet Worms
Tracing Anonymous Packets to Their Approximate Source
LISA '00 Proceedings of the 14th USENIX conference on System administration
Worm Origin Identification Using Random Moonwalks
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Inferring internet denial-of-service activity
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Very fast containment of scanning worms
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Wireless telemedicine and m-health: technologies, applications and research issues
International Journal of Sensor Networks
Security and Communication Networks
| Hi-index | 0.00 |
An automatic distributed mechanism is proposed to identify thepropagation roots of fast spreading internet worms. The informationobtained can be used to identify local worm outbreaks, identifynetwork intrusion, identify internal network misuse, and help withthe forensic trace-back after detection. It has been designed withsimplicity, efficacy, and ease of deployment in mind. Two modes ofoperation are possible, yielding both real-time and post mortempropagation information. The proposed paradigm can work in unisonwith any intrusion detection, throttling and human-mediatedresponses. Simulation results show that even with only 20 30%deployment, worm origins can be pinpointed with greatprecision.