Throttling Viruses: Restricting propagation to defeat malicious mobile code
ACSAC '02 Proceedings of the 18th Annual Computer Security Applications Conference
A Network Worm Vaccine Architecture
WETICE '03 Proceedings of the Twelfth International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises
IEEE Security and Privacy
Implementing and testing a virus throttle
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Hi-index | 0.00 |
This paper proposes a technique to improve the performance of virus throttling algorithm, a worm virus early detection technique. The proposed modified throttling algorithm may speed up detecting worm spread and lower the possibility of false alarm to burst innocent connection requests. Based on an observation that normal connection requests passing through a network has a strong locality in destination IP addresses, the proposed algorithm counts the number of connection requests with different destinations, in contrast to simple length of delay queue as in the typical throttling algorithm. Moreover, the proposed algorithm utilizes the trend value of weighted average queue length for reducing worm detection time. The performance is empirically verified in various aspects.