Resilience strategies for networked malware detection and remediation

  • Authors: Yue Yu; Michael Fry; Bernhard Plattner; Paul Smith; Alberto Schaeffer-Filho
  • Affiliations: School of Information Technologies, University of Sydney, Australia; School of Information Technologies, University of Sydney, Australia; Computer Engineering and Networks Laboratory, ETH Zurich, Switzerland; Safety and Security Department, AIT Austrian Institute of Technology, Austria; School of Computing and Communications, Lancaster University, UK
  • Venue: NSS'12, Proceedings of the 6th International Conference on Network and System Security
  • Year: 2012

Abstract

Network-propagated malware such as worms is a potentially serious threat, since it can infect and damage a large number of vulnerable hosts on timescales at which human reaction is unlikely to be effective. Research on worm detection has produced many approaches to identifying them. A common approach is to match a worm's signature. However, as worms continue to evolve, this method cannot detect and mitigate new worms in real time. In this paper, we propose a novel resilience strategy for the detection and remediation of networked malware based on the progressive, multi-stage deployment of resilience mechanisms. Our strategy monitors various traffic features to detect the early onset of an attack, and then applies further mechanisms to progressively identify the attack and apply remediation to protect the network. The strategy can be adapted to detect known attacks such as worms, and also provides some level of remediation for new, unknown attacks. The advantages of our approach are demonstrated via simulation of various types of worm attack on an Autonomous System infrastructure. Our strategy is flexible and adaptable, and we show how it can be extended to identify and remediate network challenges other than worms.
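The abstract describes a progressive pipeline: a cheap, always-on monitor detects the onset of an attack, and only then are heavier identification and remediation mechanisms deployed. The following is an added illustration of that staging written for this page; it is not the paper's code, and the paper does not name its traffic features or thresholds. The features used here (the network-wide share of failed connection attempts for stage 1, per-source destination fan-out and failure share for stage 2) and every threshold are assumptions chosen for the example, as is the constructed flow sample.

```python
"""Progressive, multi-stage worm detection and remediation over flow records.

Added illustration, not the paper's code. The features and thresholds below
are assumptions made for this example; the paper does not specify them.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One observed TCP connection attempt (sample data is constructed below)."""
    t: int       # timestamp, seconds
    src: str
    dst: str
    dport: int
    ok: bool     # True if the handshake completed


# Stage-1 thresholds (assumed): network-wide failure share and attempt volume.
ONSET_FAIL_SHARE = 0.5
ONSET_MIN_ATTEMPTS = 20
# Stage-2 thresholds (assumed): per-source fan-out and failure share.
SCANNER_MIN_DISTINCT_DST = 8
SCANNER_FAIL_SHARE = 0.7


def stage1_onset(flows):
    """Cheap, always-on monitor: flags a window whose failed-connection share
    and total volume both exceed the assumed thresholds."""
    n = len(flows)
    if n < ONSET_MIN_ATTEMPTS:
        return False
    failed = sum(1 for f in flows if not f.ok)
    return failed / n >= ONSET_FAIL_SHARE


def stage2_identify(flows):
    """Deployed only after stage 1 fires: per-source fan-out analysis.
    Returns (sorted list of suspected scanning hosts, most-failed destination port)."""
    dsts = defaultdict(set)
    attempts, fails, ports = Counter(), Counter(), Counter()
    for f in flows:
        dsts[f.src].add(f.dst)
        attempts[f.src] += 1
        if not f.ok:
            fails[f.src] += 1
            ports[f.dport] += 1
    scanners = sorted(
        s for s in attempts
        if len(dsts[s]) >= SCANNER_MIN_DISTINCT_DST
        and fails[s] / attempts[s] >= SCANNER_FAIL_SHARE)
    port = ports.most_common(1)[0][0] if ports else None
    return scanners, port


def stage3_remediate(scanners, port):
    """Remediation actions: quarantine the identified hosts, and rate-limit the
    targeted port for everyone else so that hosts the identification stage
    missed (or a variant it does not recognise) still get some protection."""
    actions = [("quarantine", h) for h in scanners]
    if port is not None:
        actions.append(("rate_limit_port", port))
    return actions


def run_pipeline(flows):
    """Progressive deployment: each stage runs only if the previous one fired."""
    if not stage1_onset(flows):
        return {"onset": False, "scanners": [], "actions": []}
    scanners, port = stage2_identify(flows)
    return {"onset": True, "scanners": scanners,
            "actions": stage3_remediate(scanners, port)}


def sample_window():
    """Constructed flow records: three benign hosts plus one scanning host."""
    flows = []
    # benign: each host talks to three servers, all handshakes complete
    for i, src in enumerate(["10.0.1.1", "10.0.1.2", "10.0.1.3"]):
        for j in range(3):
            flows.append(Flow(t=i, src=src, dst=f"10.0.2.{j + 1}", dport=80, ok=True))
    # worm-like: one host probes 20 distinct addresses on port 445, mostly unanswered
    for k in range(20):
        flows.append(Flow(t=5, src="10.0.1.9", dst=f"10.0.3.{k + 1}", dport=445,
                          ok=(k % 10 == 0)))
    return flows


if __name__ == "__main__":
    print(run_pipeline(sample_window()))
```

The point of the staging is cost: stage 1 keeps only two network-wide counters and runs continuously, while the per-source state of stage 2 is built only for the window that tripped it. The port-wide rate limit in stage 3 is the "some level of remediation for unknown attacks" idea: it does not depend on knowing the worm, only on the port it is hammering.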