A worm automatically replicates itself across networks and may infect millions of servers in a short period of time. It is conceivable that cyberterrorists may use a widespread worm to cause major disruption to the Internet economy. Much recent research concentrates on propagation models and early warning, but the defense against worms is largely an open problem. We propose a distributed antiworm architecture (DAW) that automatically slows down or even halts worm propagation within an Internet service provider (ISP) network. New defense techniques are developed based on the behavioral difference between normal hosts and worm-infected hosts. In particular, a worm-infected host has a much higher connection-failure rate when it randomly scans the Internet. This property allows DAW to set the worms apart from the normal hosts. We propose a temporal rate-limit algorithm and a spatial rate-limit algorithm, which make the speed of worm propagation configurable by the parameters of the defense system. The effectiveness of the new techniques is evaluated analytically and by simulations.
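The behavioral difference described in the abstract can be illustrated with a per-host limiter that charges only failed connections. This is an added example, not the DAW algorithms from the paper: the class and function names, the `rate` and `burst` values, and the replayed trace are all assumptions constructed for illustration.

```python
from collections import defaultdict

class FailureRateLimiter:
    """Per-source token bucket that is charged only by failed connections."""

    def __init__(self, rate=1.0, burst=5.0):
        self.rate = rate    # failures tolerated per second (assumed value)
        self.burst = burst  # failures tolerated in a short burst (assumed value)
        self.tokens = defaultdict(lambda: burst)
        self.last = {}

    def allow(self, src, now):
        # Refill for the time elapsed since this source was last seen.
        elapsed = now - self.last.get(src, now)
        self.tokens[src] = min(self.burst, self.tokens[src] + elapsed * self.rate)
        self.last[src] = now
        return self.tokens[src] >= 1.0

    def record(self, src, succeeded):
        # Successful connections are free; each failure costs one token.
        if not succeeded:
            self.tokens[src] -= 1.0

def replay(events, limiter):
    """events: (time, src, would_succeed). Returns {src: [forwarded, blocked]}."""
    stats = defaultdict(lambda: [0, 0])
    for now, src, ok in events:
        if limiter.allow(src, now):
            limiter.record(src, ok)  # outcome is only observable if forwarded
            stats[src][0] += 1
        else:
            stats[src][1] += 1
    return dict(stats)

def sample_events():
    # Constructed 10-second trace; addresses are from a documentation range.
    events = []
    for i in range(20):    # normal host: 2 connections/s, a single failure
        events.append((i * 0.5, "192.0.2.10", i != 7))
    for i in range(1000):  # random scanner: 100 attempts/s, 1 in 20 succeeds
        events.append((i * 0.01, "192.0.2.66", i % 20 == 0))
    return sorted(events)

if __name__ == "__main__":
    for src, (fwd, blk) in replay(sample_events(), FailureRateLimiter()).items():
        print(f"{src}: forwarded={fwd} blocked={blk}")
```

Because the budget is spent by failures rather than by connection count, the normal host is never throttled, while the scanner's forwarded attempts are bounded by `burst + rate * duration` failures regardless of how fast it scans.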