An Automated Defense System to Counter Internet Worms

Authors: Riccardo Scandariato, John C. Knight

DOI:

Keywords: Computer network, Formal specification, Network topology, Computer science, Word count, Emulation, Task (computing), Testbed, Specification language, The Internet, Computer security

Abstract: Our society is highly dependent on network services such as the Web, email, and collaborative P2P enterprise applications. But what if these infrastructures were suddenly torn down? Both past incidents and research studies show that a well-engineered Internet worm can accomplish this task in a fairly simple way and, most notably, in a matter of a few minutes. This clearly rules out the possibility of manually countering worm outbreaks. We present a testbed that operates on a cluster of computers and emulates very large networks for purposes of experimentation. A wide variety of properties can be studied and topologies of interest can be constructed. A reactive control system, based on the Willow architecture, on top of the testbed provides a monitor/analyze/respond approach to deal with infections automatically. The logic driving the system is synthesized from a formal specification, which correlates sensor events. Details of our configurable testbed, the theory of operation, the features of the specification language, and various experimental performance results are presented.

Index Terms: worm, emulation platform, defense control, policy

Submission category: Regular paper

Approximate word count: 10510

The material included in this paper has been cleared through the authors’ affiliations.
