In this paper we build on previous theoretical work and describe the implementation and testing of a virus throttle - a program, based on a new approach, that is able to substantially reduce the spread of and hence damage caused by mobile code such as worms and viruses. Our approach is different from current, signature-based anti-virus paradigms in that it identifies potential viruses based on their network behaviour and, instead of preventing such programs from entering a system, seeks to prevent them from leaving. The results presented here show that such an approach is effective in stopping the spread of a real worm, W32/Nimda-D, in under a second, as well as several different configurations of a test worm.