Proceedings of the 2004 ACM workshop on Rapid malcode
Proceedings of the 2004 ACM workshop on Rapid malcode
On the effectiveness of automatic patching
Proceedings of the 2005 ACM workshop on Rapid malcode
Simulating non-scanning worms on peer-to-peer networks
InfoScale '06 Proceedings of the 1st international conference on Scalable information systems
Early detection and propagation mitigation of worm programs
Proceedings of the 43rd annual Southeast regional conference - Volume 2
Surviving internet catastrophes
ATEC '05 Proceedings of the annual conference on USENIX Annual Technical Conference
Analyzing cooperative containment of fast scanning worms
SRUTI'05 Proceedings of the Steps to Reducing Unwanted Traffic on the Internet on Steps to Reducing Unwanted Traffic on the Internet Workshop
Deterministic and stochastic models for the detection of random constant scanning worms
ACM Transactions on Modeling and Computer Simulation (TOMACS)
International Journal of Wireless and Mobile Computing
On the race of worms, alerts, and patches
IEEE/ACM Transactions on Networking (TON)
Defending against the propagation of active worms
The Journal of Supercomputing
SWorD: a simple worm detection scheme
OTM'07 Proceedings of the 2007 OTM confederated international conference on On the move to meaningful internet systems: CoopIS, DOA, ODBASE, GADA, and IS - Volume Part II
An automated worm containment scheme
WISM'10 Proceedings of the 2010 international conference on Web information systems and mining
Joint network-host based malware detection using information-theoretic tools
Journal in Computer Virology
Empirical analysis of rate limiting mechanisms
RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
| Hi-index | 0.00 |
If we limit the contact rate of worm traffic, can we alleviateand ultimately contain Internet worms? This papersets out to answer this question. Specifically, we are interestedin analyzing different deployment strategies of ratecontrol mechanisms and the effect thereof on suppressingthe spread of worm code. We use both analytical modelsand simulation experiments. We find that rate control at individualhosts or edge routers yields a slowdown that is linearin the number of hosts (or routers) with the rate limitingfilters. Limiting contact rate at the backbone routers,however, is substantially more effective-it renders a slow-downcomparable to deploying rate limiting filters at everyindividual host that is covered. This result holds true evenwhen susceptible and infected hosts are patched and immunizeddynamically. To provide context for our analysis, weexamine real traffic traces obtained from a campus computingnetwork. We observe that rate throttling could be enforcedwith minimal impact on legitimate communications.Two worms observed in the traces, however, would be significantlyslowed down.