On the effectiveness of distributed worm monitoring

Authors: Fabian Monrose, Moheeb Abu Rajab, Andreas Terzis

Abstract: Distributed monitoring of unused portions of the IP address space holds the promise of providing early and accurate detection of high-profile security events, especially Internet worms. While this observation has been accepted for some time now, a systematic analysis of the requirements for building an effective distributed infrastructure is still missing. In this paper, we attempt to quantify the benefits and evaluate the practicality of this approach. To do so, we developed a new worm propagation model that relaxes earlier assumptions regarding the uniformity of the underlying vulnerable population. This allows us to evaluate how the size of the monitored space, as well as the number and locations of the monitors, impact detection time. We empirically evaluate the effect of these parameters using traffic traces from over 1.5 billion suspicious connection attempts observed by more than 1600 intrusion detection systems dispersed across the Internet. Our results show that distributed monitors with half the address space allocated to a centralized monitor can detect non-uniform scanning worms in [...]. Moreover, the same [...] four times faster. Furthermore, even partial knowledge of the population density can be used to improve monitor placement. Exploiting information about location leads, in some cases, to seven times faster detection compared to random deployment.
