Worm damage minimization in enterprise networks

Authors:
Surasak Sanguanpong;Urupoj Kanlayasiri
Affiliations:
Department of Computer Engineering, Faculty of Engineering, Kasetsart University, Bangkok 10900, Thailand;Department of Computer Engineering, Faculty of Engineering, Kasetsart University, Bangkok 10900, Thailand
Venue:
International Journal of Human-Computer Studies
Year:
2007

Citing 16
Cited 0

Fuzzy logic, neural networks, and soft computing

Communications of the ACM
Modern control engineering (3rd ed.)

Modern control engineering (3rd ed.)
Proof-carrying code

Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Fluid-based analysis of a network of AQM routers supporting TCP flows with an application to RED

Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication
Code red worm propagation modeling and analysis

Proceedings of the 9th ACM conference on Computer and communications security
Code-Red: a case study on the spread and victims of an internet worm

Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
How to Own the Internet in Your Spare Time

Proceedings of the 11th USENIX Security Symposium
On computer viral infection and the effect of immunization

ACSAC '00 Proceedings of the 16th Annual Computer Security Applications Conference
Measuring and Modeling Computer Virus Prevalence

SP '93 Proceedings of the 1993 IEEE Symposium on Security and Privacy
Recent worms: a survey and trends

Proceedings of the 2003 ACM workshop on Rapid malcode
A taxonomy of computer worms

Proceedings of the 2003 ACM workshop on Rapid malcode
Experiences with worm propagation simulations

Proceedings of the 2003 ACM workshop on Rapid malcode
Worm anatomy and model

Proceedings of the 2003 ACM workshop on Rapid malcode
Securing nomads: the case for quarantine, examination, and decontamination

Proceedings of the 2003 workshop on New security paradigms
StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks

SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
An algorithmic approach for fuzzy inference

IEEE Transactions on Fuzzy Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

Attackers utilize many forms of intrusion via computer networks; currently, worms are an important vector with the potential for widespread damage. None of the strategies is effective and rapid enough to mitigate worm propagation. Therefore, it is extremely important for organizations to better understand worm behaviour and adopt a strategy to minimize the damage due to worm attacks. This paper describes an approach to minimize the damage due to worm infection in enterprise networks. The approach includes: (1) analyzing the effect of parameters influencing worm infection: openness, homogeneity, and trust, (2) predicting the number of infected nodes by fuzzy decision, and (3) optimizing the trust parameter to minimize the damage by fuzzy control. Experiments using real worm attacks show that the selected parameters are strongly correlated with actual infection rates, the damage prediction produces accurate estimates, and the optimization of the selected parameter can lessen the damage from worm infection.