Containment of Fast Scanning Computer Network Worms

Authors: Muhammad Aminu Ahmad, Steve Woodhead

DOI: 10.1007/978-3-319-23237-9_21

Keywords: Blocking (statistics), Block (data storage), Data link, Engineering, Countermeasure (computer), Computer network, Host (network), Containment (computer programming), Malware, Network security

Abstract: This paper presents a mechanism for detecting and containing fast scanning computer network worms. The countermeasure mechanism, termed NEDAC, uses a behavioural detection technique that observes the absence of DNS resolution in newly initiated outgoing connections. Upon abnormal behaviour by a host, based on resolution, the system then invokes data link containment to block traffic from the host. The concept has been demonstrated using a developed prototype tested in a virtualised environment. An empirical analysis of worm propagation was conducted using the characteristics of reported contemporary vulnerabilities to test the capabilities of the mechanism. The results show the mechanism is sensitive in blocking infection at an early stage.

References (21)
Paul C. van Oorschot, Evangelos Kranakis, David Whyte. DNS-based Detection of Scanning Worms in an Enterprise Network. Network and Distributed System Security Symposium (2005).
Vern Paxson, Stuart Staniford, Nicholas Weaver. How to Own the Internet in Your Spare Time. USENIX Security Symposium, pp. 149-167 (2002).
Gregory R. Ganger, Stanley M. Bielski, Gregg Economou. Self-Securing Network Interfaces: What, Why and How? (2002).
Jinho Hwang, Frederick Y. Wu, Sai Zeng, Timothy Wood. A component-based performance comparison of four hypervisors. Integrated Network Management, pp. 269-276 (2013).
Osman Ghazali, Norita Md Norwawi, Mohammed M. Kadhum, Mohammad M. Rasheed. A Traffic Signature-based Algorithm for Detecting Scanning Internet Worms. International Journal of Computer Network and Information Security, vol. 1 (2009).
Cynthia Wong, Stan Bielski, Ahren Studer, Chenxi Wang. Empirical Analysis of Rate Limiting Mechanisms. Lecture Notes in Computer Science, pp. 22-42 (2006). DOI: 10.1007/11663812_2
Guofei Gu, M. Sharif, Xinzhou Qin, D. Dagon, Wenke Lee, G. Riley. Worm detection, early warning and response based on local victim information. Annual Computer Security Applications Conference, pp. 136-145 (2004). DOI: 10.1109/CSAC.2004.51
Jaeyeon Jung, V. Paxson, A.W. Berger, H. Balakrishnan. Fast portscan detection using sequential hypothesis testing. IEEE Symposium on Security and Privacy, pp. 211-225 (2004). DOI: 10.1109/SECPRI.2004.1301325
Vern Paxson, Stuart Staniford, Nicholas Weaver. Very fast containment of scanning worms. USENIX Security Symposium, pp. 3-3 (2004).