A behavioral approach to worm detection
Proceedings of the 2004 ACM workshop on Rapid malcode
On the impact of dynamic addressing on malware propagation
Proceedings of the 4th ACM workshop on Recurring malcode
The shunt: an FPGA-based accelerator for network intrusion prevention
Proceedings of the 2007 ACM/SIGDA 15th international symposium on Field programmable gate arrays
Analyzing cooperative containment of fast scanning worms
SRUTI'05 Proceedings of the Steps to Reducing Unwanted Traffic on the Internet on Steps to Reducing Unwanted Traffic on the Internet Workshop
Security and insurance management in networks with heterogeneous agents
Proceedings of the 9th ACM conference on Electronic commerce
Vigilante: End-to-end containment of Internet worm epidemics
ACM Transactions on Computer Systems (TOCS)
Towards automated detection of peer-to-peer botnets: on the limits of local approaches
LEET'09 Proceedings of the 2nd USENIX conference on Large-scale exploits and emergent threats: botnets, spyware, worms, and more
Joint network-host based malware detection using information-theoretic tools
Journal in Computer Virology
Scalable Stealth Mode P2P Overlays of Very Small Constant Degree
ACM Transactions on Autonomous and Adaptive Systems (TAAS)
Worm traffic modeling for network performance analysis
ISI'06 Proceedings of the 4th IEEE international conference on Intelligence and Security Informatics
DPM'11 Proceedings of the 6th international conference, and 4th international conference on Data Privacy Management and Autonomous Spontaneus Security
Security and privacy issues for the network of the future
Security and Communication Networks
Hi-index | 0.01 |
Network worms - self-propagating network programs - represent a substantial threat to our network infrastructure. Due to the propagation speed of worms, reactive defenses need to be automatic. It is important to understand where and how these defenses need to fit in the network so that they cannot be easily evaded. As there are several mechanisms malcode authors can use to bypass existing perimeter-centric defenses, this position paper argues that substantial defenses need to be embedded in the local area network, thus creating "hard-LANs" designed to detect and respond to worm infections. When compared with conventional network intrusion detection systems (NIDSs), we believe that hard-LAN devices need to have two orders of magnitude better cost/performance, and at least two orders of magnitude better accuracy, resulting in substantial design challenges.