Automated worm fingerprinting

Authors: Cristian Estan, George Varghese, Stefan Savage, Sumeet Singh

DOI:

Keywords:

Abstract: Network worms are a clear and growing threat to the security of today's Internet-connected hosts and networks. The combination of the Internet's unrestricted connectivity and widespread software homogeneity allows network pathogens to exploit tremendous parallelism in their propagation. In fact, modern worms can spread so quickly, and so widely, that no human-mediated reaction can hope to contain an outbreak. In this paper, we propose an automated approach for quickly detecting previously unknown worms and viruses based on two key behavioral characteristics - a common exploit sequence together with a range of unique sources generating infections and destinations being targeted. More importantly, our approach, called "content sifting", automatically generates precise signatures that can then be used to filter or moderate the worm elsewhere in the network. Using a combination of existing and novel algorithms, we have developed a scalable content sifting implementation with low memory and CPU requirements. Over months of active use at UCSD, our Earlybird prototype system has detected and generated signatures for all known worms as well as several new worms that were not known at the time we identified them. Our initial experience suggests that, for a wide range of network pathogens, it may be practical to construct fully automated defenses even against so-called "zero-day" epidemics.
