Network-propagated malware such as worms is a potentially serious threat, since it can infect and damage a large number of vulnerable hosts at timescales in which human reaction is unlikely to be effective. Research on worm detection has produced many approaches to identifying them. A common approach is to identify a worm's signature. However, as worms continue to evolve, this method is incapable of detecting and mitigating new worms in real time. In this paper, we propose a novel resilience strategy for the detection and remediation of networked malware based on progressive, multi-stage deployment of resilience mechanisms. Our strategy monitors various traffic features to detect the early onset of an attack, and then applies further mechanisms to progressively identify the attack and apply remediation to protect the network. Our strategy can be adapted to detect known attacks such as worms, and also to provide some level of remediation for new, unknown attacks. Advantages of our approach are demonstrated via simulation of various types of worm attack on an Autonomous System infrastructure. Our strategy is flexible and adaptable, and we show how it can be extended to identify and remediate network challenges other than worms.