Worms vs. perimeters: the case for hard-LANs

Authors:
N. Weaver;D. Ellis;S. Staniford;V. Paxson
Affiliations:
Comput. Syst. Lab., Stanford Univ., CA, USA;Comput. Syst. Lab., Stanford Univ., CA, USA;Comput. Syst. Lab., Stanford Univ., CA, USA;Dept. of Comput. & Sci. & Eng., Ohio State Univ., Columbus, OH, USA
Venue:
HOTI '04 Proceedings of the High Performance Interconnects, 2004. on Proceedings. 12th Annual IEEE Symposium
Year:
2004

Citing 0
Cited 12

A behavioral approach to worm detection

Proceedings of the 2004 ACM workshop on Rapid malcode
On the impact of dynamic addressing on malware propagation

Proceedings of the 4th ACM workshop on Recurring malcode
The shunt: an FPGA-based accelerator for network intrusion prevention

Proceedings of the 2007 ACM/SIGDA 15th international symposium on Field programmable gate arrays
Analyzing cooperative containment of fast scanning worms

SRUTI'05 Proceedings of the Steps to Reducing Unwanted Traffic on the Internet on Steps to Reducing Unwanted Traffic on the Internet Workshop
Security and insurance management in networks with heterogeneous agents

Proceedings of the 9th ACM conference on Electronic commerce
Vigilante: End-to-end containment of Internet worm epidemics

ACM Transactions on Computer Systems (TOCS)
Towards automated detection of peer-to-peer botnets: on the limits of local approaches

LEET'09 Proceedings of the 2nd USENIX conference on Large-scale exploits and emergent threats: botnets, spyware, worms, and more
Joint network-host based malware detection using information-theoretic tools

Journal in Computer Virology
Scalable Stealth Mode P2P Overlays of Very Small Constant Degree

ACM Transactions on Autonomous and Adaptive Systems (TAAS)
Worm traffic modeling for network performance analysis

ISI'06 Proceedings of the 4th IEEE international conference on Intelligence and Security Informatics
A traffic regulation method based on MRA signatures to reduce unwanted traffic from compromised end-user machines

DPM'11 Proceedings of the 6th international conference, and 4th international conference on Data Privacy Management and Autonomous Spontaneus Security
Security and privacy issues for the network of the future

Security and Communication Networks

Quantified Score

Hi-index	0.01

Visualization

Abstract

Network worms - self-propagating network programs - represent a substantial threat to our network infrastructure. Due to the propagation speed of worms, reactive defenses need to be automatic. It is important to understand where and how these defenses need to fit in the network so that they cannot be easily evaded. As there are several mechanisms malcode authors can use to bypass existing perimeter-centric defenses, this position paper argues that substantial defenses need to be embedded in the local area network, thus creating "hard-LANs" designed to detect and respond to worm infections. When compared with conventional network intrusion detection systems (NIDSs), we believe that hard-LAN devices need to have two orders of magnitude better cost/performance, and at least two orders of magnitude better accuracy, resulting in substantial design challenges.