In a computer network, network security is accomplished using elements such as firewalls, hosts, servers, routers, intrusion detection systems, and honeypots. These network elements need to know the nature or anomaly of the worm a priori to detect the attack. Modern viruses such as Code Red, Sapphire, and Nimda spread quickly. Therefore, human-mediated responses to these fast-spreading viruses are impractical, if not impossible. Several epidemic studies show that automatic tracking of resource usage and control provides an effective method to contain the damage. In this paper, we propose a novel security architecture based on control system theory. In particular, we describe a state-space feedback control model that detects and controls the spread of these viruses or worms by measuring the velocity of the number of new connections an infected host makes. The mechanism's objective is to slow down a worm's spreading velocity by controlling (delaying) the number of new connections made by an infected host. A proportional and integral (PI) controller is used for continuous control of the feedback loop. The approach proposed here has been verified in a laboratory setup, and we were able to contain the infection so that it affected less than 5 percent of the hosts. We have also implemented a protocol for exchanging control-specific information between the network elements. The results from the simulation and experimental setup, combined with the sensitivity analysis, demonstrate the applicability and accuracy of the approach.
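The feedback loop described in the abstract can be illustrated with a simplified per-host throttle. This is an added example, not the paper's state-space model or code: the class and function names, the setpoint of 5 new connections per tick, the gains, the ceiling of 50 and the tick-based queue are all assumptions chosen for illustration.

```python
from collections import deque

class PIThrottle:
    """Per-host throttle: queued connection attempts are released at a rate
    set by a velocity-form PI controller. All constants are assumed values."""

    def __init__(self, setpoint=5, kp=0.25, ki=0.5, max_limit=50.0):
        self.setpoint = setpoint      # target new connections per tick
        self.kp, self.ki = kp, ki     # proportional and integral gains
        self.max_limit = max_limit    # ceiling, so a quiet host is never delayed
        self.limit = max_limit        # current release allowance per tick
        self.prev_error = 0.0
        self.queue = deque()          # delayed (not yet released) attempts

    def tick(self, attempts):
        """Queue this tick's attempts, release what the allowance permits,
        then update the allowance from the measured release rate."""
        self.queue.extend(attempts)
        n = min(len(self.queue), int(self.limit))
        released = [self.queue.popleft() for _ in range(n)]
        error = self.setpoint - n     # negative: host exceeds the setpoint
        # Velocity-form PI: change in output from change in error plus error.
        delta = self.kp * (error - self.prev_error) + self.ki * error
        self.limit = min(self.max_limit, max(1.0, self.limit + delta))
        self.prev_error = error
        return released


def simulate(attempts_per_tick, ticks):
    """Return (released-per-tick counts, final backlog) for a constant load."""
    throttle = PIThrottle()
    counts = []
    for t in range(ticks):
        batch = [(t, i) for i in range(attempts_per_tick)]  # constructed input
        counts.append(len(throttle.tick(batch)))
    return counts, len(throttle.queue)


if __name__ == "__main__":
    for label, load in (("normal host", 2), ("scanning host", 100)):
        counts, backlog = simulate(load, 20)
        print(f"{label:13s} released/tick={counts} backlog={backlog}")
```

A host below the setpoint keeps the full allowance and is never delayed, while a host attempting 100 new connections per tick is driven down to the setpoint within about a dozen ticks. The queue here is unbounded for simplicity; a deployed throttle would cap it or drop the oldest entries.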