Can we contain Internet worms?

Authors: Jon Crowcroft, Antony Rowstron, Miguel Castro, Manuel Costa

Keywords: The Internet, Network packet, Computer security, Exploit, Computer network, Computer science

Abstract: Worm containment must be automatic because worms can spread too fast for humans to respond. Recent work has proposed a network centric approach to automate worm containment: network traffic is analyzed to derive a packet classifier that blocks (or rate-limits) worm propagation. This approach has fundamental limitations because the analysis has no information about the application vulnerabilities exploited by worms. This paper proposes Vigilante, a new host centric approach for automatic worm containment that addresses these limitations. Vigilante relies on collaborative worm detection at end hosts in the Internet but does not require hosts to trust each other. Hosts detect worms by analysing attempts to infect applications and broadcast self-certifying alerts (SCAs) when they detect a worm. SCAs are automatically generated machine-verifiable proofs of vulnerability; they can be independently and inexpensively verified by any host. Hosts can use SCAs to generate filters or patches that prevent infection. We present preliminary results showing that Vigilante can effectively contain fast spreading worms that exploit unknown vulnerabilities.
