DNS performance and the effectiveness of caching
IMW '01 Proceedings of the 1st ACM SIGCOMM Workshop on Internet Measurement
Code red worm propagation modeling and analysis
Proceedings of the 9th ACM conference on Computer and communications security
How to Own the Internet in Your Spare Time
Proceedings of the 11th USENIX Security Symposium
Throttling Viruses: Restricting propagation to defeat malicious mobile code
ACSAC '02 Proceedings of the 18th Annual Computer Security Applications Conference
Modeling the effects of timing parameters on virus propagation
Proceedings of the 2003 ACM workshop on Rapid malcode
ICDCS '04 Proceedings of the 24th International Conference on Distributed Computing Systems (ICDCS'04)
Dynamic Quarantine of Internet Worms
DSN '04 Proceedings of the 2004 International Conference on Dependable Systems and Networks
Shield: vulnerability-driven network filters for preventing known vulnerability exploits
Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
Proceedings of the 2004 ACM workshop on Rapid malcode
A behavioral approach to worm detection
Proceedings of the 2004 ACM workshop on Rapid malcode
OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
Very fast containment of scanning worms
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Autograph: toward automated, distributed worm signature detection
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Proactive security for mobile messaging networks
WiSe '06 Proceedings of the 5th ACM workshop on Wireless security
Boundary detection and containment of local worm infections
SRUTI'07 Proceedings of the 3rd USENIX workshop on Steps to reducing unwanted traffic on the internet
On the Adaptive Real-Time Detection of Fast-Propagating Network Worms
DIMVA '07 Proceedings of the 4th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
A Comparative Evaluation of Anomaly Detectors under Portscan Attacks
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
Containment of network worms via per-process rate-limiting
Proceedings of the 4th international conference on Security and privacy in communication netowrks
On achieving good operating points on an ROC plane using stochastic anomaly score prediction
Proceedings of the 16th ACM conference on Computer and communications security
Unified rate limiting in broadband access networks for defeating internet worms and DDoS attacks
ISPEC'08 Proceedings of the 4th international conference on Information security practice and experience
Accuracy improving guidelines for network anomaly detection systems
Journal in Computer Virology
Joint network-host based malware detection using information-theoretic tools
Journal in Computer Virology
Adaptive detection of local scanners
ACNS'06 Proceedings of the 4th international conference on Applied Cryptography and Network Security
DPM'11 Proceedings of the 6th international conference, and 4th international conference on Data Privacy Management and Autonomous Spontaneus Security
| Hi-index | 0.00 |
One class of worm defense techniques that received attention of late is to “rate limit” outbound traffic to contain fast spreading worms. Several proposals of rate limiting techniques have appeared in the literature, each with a different take on the impetus behind rate limiting. This paper presents an empirical analysis on different rate limiting schemes using real traffic and attack traces from a sizable network. In the analysis we isolate and investigate the impact of the critical parameters for each scheme and seek to understand how these parameters might be set in realistic network settings. Analysis shows that using DNS-based rate limiting has substantially lower error rates than schemes based on other traffic statistics. The analysis additionally brings to light a number of issues with respect to rate limiting at large. We explore the impact of these issues in the context of general worm containment.