Modern computer viruses spread incredibly quickly, far faster than human-mediated responses. This greatly increases the damage that they cause. This paper presents an approach to restricting this high speed propagation automatically. The approach is based on the observation that during virus propagation, an infected machine will connect to as many different machines as fast as possible. An uninfected machine has a different behaviour: connections are made at a lower rate, and are locally correlated (repeat connections to recently accessed machines are likely). This paper describes a simple technique to limit the rate of connections to "new" machines that is remarkably effective at both slowing and halting virus propagation without affecting normal traffic. Results of applying the filter to web browsing data are included. The paper concludes by suggesting an implementation and discussing the potential and limitations of this approach.
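
A minimal sketch of the idea in the abstract, added here as an illustration and not taken from the paper: connections to recently contacted hosts pass immediately, while connections to "new" hosts are queued and released at a fixed rate. The working-set size, the release rate, the class and function names, and both traffic traces are assumptions constructed for this example.

```python
from collections import OrderedDict, deque

class ConnectionThrottle:
    """Rate-limits connections to hosts that were not contacted recently."""

    def __init__(self, working_set_size=5, releases_per_tick=1):
        # Both defaults are assumptions chosen for this sketch.
        self.recent = OrderedDict()   # recently contacted hosts, oldest first
        self.size = working_set_size
        self.rate = releases_per_tick
        self.delayed = deque()        # queued connections to "new" hosts

    def request(self, host):
        """Return True if the connection proceeds now, False if it is queued."""
        if host in self.recent:
            self.recent.move_to_end(host)   # repeat connection: not delayed
            return True
        if host not in self.delayed:
            self.delayed.append(host)
        return False

    def tick(self):
        """Once per time unit, let at most `rate` queued connections through."""
        released = []
        while self.delayed and len(released) < self.rate:
            host = self.delayed.popleft()
            self.recent[host] = True
            if len(self.recent) > self.size:
                self.recent.popitem(last=False)   # evict the oldest host
            released.append(host)
        return released

def simulate(traffic):
    """traffic: one list of destination hosts per tick.
    Returns (immediate, released_after_delay, backlog)."""
    throttle = ConnectionThrottle()
    immediate = released = 0
    for batch in traffic:
        immediate += sum(throttle.request(h) for h in batch)
        released += len(throttle.tick())
    return immediate, released, len(throttle.delayed)

# Constructed traffic, 20 ticks each.
SERVERS = ["mail", "web", "files"]
NORMAL = [[SERVERS[i % 3]] for i in range(20)]   # locally correlated
SCAN = [[f"10.0.{i}.{j}" for j in range(10)] for i in range(20)]  # all distinct

if __name__ == "__main__":
    print("normal:", simulate(NORMAL))
    print("scan:  ", simulate(SCAN))
```

The locally correlated trace is delayed only on first contact with each of its three hosts, while the scanning trace gets one connection out per tick and the rest accumulate in the queue.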