An Internet worm automatically replicates itself to vulnerable systems and may infect hundreds of thousands of servers across the Internet. It is conceivable that cyber-terrorists may use a widespread worm to cause major disruption to our Internet economy. While much recent research concentrates on propagation models, the defense against worms is largely an open problem. We propose a distributed anti-worm architecture (DAW) that automatically slows down or even halts worm propagation. New defense techniques are developed based on the behavioral difference between normal hosts and worm-infected hosts. In particular, a worm-infected host has a much higher connection-failure rate when it scans the Internet with randomly selected addresses. This property allows DAW to set the worms apart from the normal hosts. We propose a temporal rate-limit algorithm and a spatial rate-limit algorithm, which make the speed of worm propagation configurable by the parameters of the defense system. DAW is designed for an Internet service provider to provide the anti-worm service to its customers. The effectiveness of the new techniques is evaluated analytically and by simulations.