Empirical analysis of an improved countermeasure against computer network worms

Authors: Khurram Shahzad, Steve Woodhead

DOI: 10.1109/ICCCNT.2015.7395187

Abstract: Wormable system vulnerabilities continue to be identified, and so fast-spreading network worms pose a threat to the security of networks, due to their high potential speed and ability to self-replicate. The cost of a single worm outbreak has been estimated as US$ 2.6 billion. In this paper, we report an empirical analysis of the distributed detection and prevention countermeasure Rate Limiting+Leap Ahead (RL+LA) by using Pseudo-Slammer with the characteristics of a real Slammer outbreak. RL+LA is an automated containment scheme that is based on the correlation of Domain Name System (DNS) queries and the destination IP address of outgoing TCP SYN and UDP datagrams leaving the network boundary, while it also utilizes cooperation between different communicating members using a custom protocol, which we term Friends. The results show a significant increase in the time to infection of the worm when the countermeasure is invoked, although it cannot completely stop the propagation of the worm.
