Robust Reactions to Potential Day-Zero Worms Through Cooperation and Validation

Authors: K. Anagnostakis, S. Ioannidis, A. D. Keromytis, M. B. Greenwald

DOI: 10.1007/11836810_31

Keywords: Distributed algorithm; Computer science; Overhead (computing); Zero (linguistics); False alarm; Computer security

Abstract: Cooperative defensive systems communicate and cooperate in their response to worm attacks, but determine the presence of an attack solely on local information. Distributed detection and immunization systems track suspicious behavior at multiple cooperating nodes to determine whether an attack is in progress. Earlier work has shown that cooperative systems can respond quickly to day-zero worms, while distributed systems allow detectors to be more conservative (i.e., paranoid) about potential attacks because they manage false alarms efficiently. In this paper we begin a preliminary investigation into the complex tradeoffs in such systems between communication costs, computation overhead, accuracy of the tests, estimation of viral virulence, and the fraction of the network infected before the attack crests. We evaluate the effectiveness of different system configurations through various simulations. Our experiments show that the algorithms are better able to balance defense against viruses with reduced cost when faced with false alarms. Furthermore, the cooperative, distributed approaches seem more robust against malicious participants than earlier non-distributed approaches.

References (23)
Fabian Monrose, Moheeb Abu Rajab, Andreas Terzis. On the effectiveness of distributed worm monitoring. USENIX Security Symposium, pp. 15-15 (2005).
Brad Karp, Hyang-Ah Kim. Autograph: toward automated, distributed worm signature detection. USENIX Security Symposium, pp. 19-19 (2004).
K. G. Anagnostakis, M. B. Greenwald, S. Ioannidis, A. D. Keromytis, Dekai Li. A cooperative immunization system for an untrusting Internet. International Conference on Networks, pp. 403-408 (2003). DOI: 10.1109/ICON.2003.1266224
Lakshminarayanan Subramanian, Ion Stoica, Jayanthkumar Kannan, Randy H. Katz. Analyzing cooperative containment of fast scanning worms. Conference on Steps to Reducing Unwanted Traffic on the Internet, pp. 3-3 (2005).
Michael E. Locasto, Angelos D. Keromytis, Salvatore Stolfo, Janak J. Parekh, Tal G. Malkin, Vishal Misra. Collaborative Distributed Intrusion Detection. Department of Computer Science, Columbia University (2004). DOI: 10.7916/D8XH000K
Kostas G. Anagnostakis, Michael Greenwald, Sotiris Ioannidis, Stefan Miltchev. Open Packet Monitoring on FLAME: Safety, Performance, and Applications. Lecture Notes in Computer Science, pp. 120-131 (2002). DOI: 10.1007/3-540-36199-5_10
Sarma Vangala, Kevin A. Kwiat, Lixin Gao, Jiang Wu. An Effective Architecture and Algorithm for Detecting Worms with Various Scan. Network and Distributed System Security Symposium (2004).
Cristian Estan, George Varghese, Stefan Savage, Sumeet Singh. Automated worm fingerprinting. Operating Systems Design and Implementation, pp. 4-4 (2004).
Vinod Yegneswaran, Paul Barford, Somesh Jha. Global Intrusion Detection in the DOMINO Overlay System. Network and Distributed System Security Symposium (2004).