Resilient infrastructure for network security
Complexity - Special issue: Resilient and adaptive defense of computing networks
Proceedings of the 2004 ACM workshop on Rapid malcode
Towards Blocking Outgoing Malicious Impostor Emails
WOWMOM '06 Proceedings of the 2006 International Symposium on on World of Wireless, Mobile and Multimedia Networks
Signature metrics for accurate and automated worm detection
Proceedings of the 4th ACM workshop on Recurring malcode
An effective defense against email spam laundering
Proceedings of the 13th ACM conference on Computer and communications security
Email prioritization: reducing delays on legitimate mail caused by junk mail
ATEC '04 Proceedings of the annual conference on USENIX Annual Technical Conference
Implementing and testing a virus throttle
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Fast Worm Containment Using Feedback Control
IEEE Transactions on Dependable and Secure Computing
Origins: an approach to trace fast spreading worms to their roots
International Journal of Security and Networks
Thwarting E-mail Spam Laundering
ACM Transactions on Information and System Security (TISSEC)
How to secure your email address book and beyond
CANS'07 Proceedings of the 6th international conference on Cryptology and network security
SWorD: a simple worm detection scheme
OTM'07 Proceedings of the 2007 OTM confederated international conference on On the move to meaningful internet systems: CoopIS, DOA, ODBASE, GADA, and IS - Volume Part II
Trust extension as a mechanism for secure code execution on commodity computers
Trust extension as a mechanism for secure code execution on commodity computers
E-mail worm detection using the analysis of behavior
ICDCIT'05 Proceedings of the Second international conference on Distributed Computing and Internet Technology
Using trustworthy host-based information in the network
Proceedings of the seventh ACM workshop on Scalable trusted computing
This paper presents an approach to preventing the damage caused by viruses that travel via email. The approach prevents an infected machine from spreading the virus further. This directly addresses the two ways that viruses cause damage: fewer machines spreading the virus will reduce the number of machines infected and reduce the traffic generated by the virus. The approach relies on the observation that normal emailing behaviour is quite different from the behaviour of a spreading virus, with the virus sending messages at a much higher rate, to different addresses. To limit propagation, a rate-limiter or virus throttle is described that does not affect normal traffic, but quickly slows and stops viral traffic. The paper includes an analysis of normal emailing behaviour, and details of the throttle design. In addition, an implementation is described and tested with real viruses, showing that the approach is practical.