Very fast containment of scanning worms
作者: Vern Paxson , Stuart Staniford , Nicholas Weaver
DOI:
关键词:
摘要: Computer worms - malicious, self-propagating programs represent a significant threat to large networks. One possible defense, containment, seeks limit worm's spread by isolating it in small subsection of the network. In this work we develop containment algorithms suitable for deployment high-speed, low-cost network hardware. We show that these techniques can stop scanning host after fewer than 10 scans with very low false-positive rate. also augment approach devising mechanisms cooperation enable multiple devices more effectively detect and respond an emerging infection. Finally, discuss ways worm attempt bypass general, ours particular.
berkeley.edu 
uta.edu 参考文章(18)
Eli Biham, Lars Knudsen, Ross Anderson, Serpent: A Proposal for the Advanced Encryption Standard ,(1998)
Vern Paxson, Stuart Staniford, Nicholas Weaver, How to Own the Internet in Your Spare Time usenix security symposium. pp. 149- 167 ,(2002)
Vern Paxson, Bro: a system for detecting network intruders in real-time Computer Networks. ,vol. 31, pp. 2435- 2463 ,(1999) , 10.1016/S1389-1286(99)00112-7
Stuart E. Schechter, Jaeyeon Jung, Arthur W. Berger, Fast Detection of Scanning Worm Infections recent advances in intrusion detection. pp. 59- 81 ,(2004) , 10.1007/978-3-540-30143-1_4
Scott A. Crosby, Dan S. Wallach, Denial of service via algorithmic complexity attacks usenix security symposium. pp. 3- 3 ,(2003)
Stuart Staniford, James A. Hoagland, Joseph M. McAlerney, Practical automated detection of stealthy portscans Journal of Computer Security. ,vol. 10, pp. 105- 136 ,(2002) , 10.3233/JCS-2002-101-205
Jaeyeon Jung, V. Paxson, A.W. Berger, H. Balakrishnan, Fast portscan detection using sequential hypothesis testing ieee symposium on security and privacy. pp. 211- 225 ,(2004) , 10.1109/SECPRI.2004.1301325
Nicholas Weaver, Vern Paxson, Stuart Staniford, Robert Cunningham, A taxonomy of computer worms workshop on rapid malcode. pp. 11- 18 ,(2003) , 10.1145/948187.948190
D. Moore, V. Paxson, S. Savage, C. Shannon, S. Staniford, N. Weaver, Inside the Slammer worm ieee symposium on security and privacy. ,vol. 1, pp. 33- 39 ,(2003) , 10.1109/MSECP.2003.1219056
Cliff Changchun Zou, Weibo Gong, Don Towsley, Worm propagation modeling and analysis under dynamic quarantine defense workshop on rapid malcode. pp. 51- 60 ,(2003) , 10.1145/948187.948197