A hybrid quarantine defense

Authors:
Phillip Porras;Linda Briesemeister;Keith Skinner;Karl Levitt;Jeff Rowe;Yu-Cheng Allen Ting
Affiliations:
SRI International, Menlo Park, CA;SRI International, Menlo Park, CA;SRI International, Menlo Park, CA;University of California at Davis, Davis, CA;University of California at Davis, Davis, CA;University of California at Davis, Davis, CA
Venue:
Proceedings of the 2004 ACM workshop on Rapid malcode
Year:
2004

Citing 7
Cited 12

Code-Red: a case study on the spread and victims of an internet worm

Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
Predators: good will mobile codes combat against computer viruses

Proceedings of the 2002 workshop on New security paradigms
A taxonomy of computer worms

Proceedings of the 2003 ACM workshop on Rapid malcode
Epidemic profiles and defense of scale-free networks

Proceedings of the 2003 ACM workshop on Rapid malcode
Cyber defense technology networking and evaluation

Communications of the ACM - Homeland security
Dynamic Quarantine of Internet Worms

DSN '04 Proceedings of the 2004 International Conference on Dependable Systems and Networks
A virtual honeypot framework

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13

Design space and analysis of worm defense strategies

ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
Proactive security for mobile messaging networks

WiSe '06 Proceedings of the 5th ACM workshop on Wireless security
Detecting targeted attacks using shadow honeypots

SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Fast Worm Containment Using Feedback Control

IEEE Transactions on Dependable and Secure Computing
Design, deployment, and use of the DETER testbed

DETER Proceedings of the DETER Community Workshop on Cyber Security Experimentation and Test on DETER Community Workshop on Cyber Security Experimentation and Test 2007
Evaluation of collaborative worm containment on the DETER testbed

DETER Proceedings of the DETER Community Workshop on Cyber Security Experimentation and Test on DETER Community Workshop on Cyber Security Experimentation and Test 2007
Highly predictive blacklisting

SS'08 Proceedings of the 17th conference on Security symposium
Design of a multi_agent system for worm spreading_reduction

Journal of Intelligent Information Systems
The science of cyber security experimentation: the DETER project

Proceedings of the 27th Annual Computer Security Applications Conference
Robust reactions to potential day-zero worms through cooperation and validation

ISC'06 Proceedings of the 9th international conference on Information Security
Cooperative automated worm response and detection immune ALgorithm(CARDINAL) inspired by t-cell immunity and tolerance

ICARIS'05 Proceedings of the 4th international conference on Artificial Immune Systems
Fast and evasive attacks: highlighting the challenges ahead

RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection

Quantified Score

Hi-index	0.00

Visualization

Abstract

We study the strengths, weaknesses, and potential synergies of two complementary worm quarantine defense strategies under various worm attack profiles. We observe their abilities to delay or suppress infection growth rates under two propagation techniques and three scan rates, and explore the potential synergies in combining these two complementary quarantine strategies. We compare the performance of the individual strategies against a hybrid combination strategy, and conclude that the hybrid strategy yields substantial performance improvements, beyond what either technique provides independently. This result offers potential new directions in hybrid quarantine defenses.