An OS Independent Heuristics-based Worm-containment System

Authors

  • Uday Savagaonkar
  • Ravi Sahita
  • Gayathri Nagabhushan
  • Priya Rajagopal
  • David Durham
Abstract

We present an operating-system-independent and tamper-resistant worm-containment end-system. This system continuously observes outgoing network traffic over a finite-duration traffic window and, using heuristic rules executing in a secondary environment, detects infections. It automatically quarantines the infected host to stop further spread of the worm. We present four heuristic rules and, using network traffic traces collected from an enterprise network, demonstrate that a port/protocol-tuned version of the heuristic provides the lowest false-positive rate across different settings. Using simulations, we further evaluate the effectiveness of this heuristic in containing the spread of a worm in a medium-sized network. We then demonstrate that different window sizes are required for containing worms with different spread rates. Consequently, to be effective across a broad range of worms, we show it is advisable to use a heuristic that uses multiple window sizes. We also demonstrate that by effectively tuning the heuristic parameters and Dynamic Host Configuration Protocol (DHCP) server settings, one can contain worms with spread rates from 2 scans per second to upwards of 100,000 scans per second.


Similar sources

Evaluation of collaborative worm containment on the DETER testbed

The advantage of collaborative containment over independent block or address blacklisting on worm defense has been advocated in previous worm studies. In this work, we will evaluate two collaborative worm containment proposals and present some of the results of our DETER emulation experiments. In the first one, proactive worm containment (PWC), security agents block all suspicious hosts on the ...


Centralized Containment Model and Mathematics Modeling

In order to curb the spread of worms in networked systems, this work extends worm containment methods from the point of view of management-system vulnerabilities. It first gives a comprehensive exposition of research progress in Internet worm containment technology; it then dissects the technical principles of proactive containment and, based on that technology, gives a centralized proactive confrontation strategy, and final...


Cooperative Containment of Fast Scanning Worms

Scanning worms, which spread by probing the IP address space to find vulnerable hosts, are among the most serious threats to Internet security today, as is evident from the time-scales of some recent large-scale worm attacks. Only an automatic defense can hope to contain a carefully designed worm that uses an unknown or recently divulged vulnerability. In this paper, we propose a cooperation-based ...


DNS-based Detection of Scanning Worms in an Enterprise Network

Worms are arguably the most serious security threat facing the Internet. Seeking a detection technique that is both sufficiently efficient and accurate to enable automatic containment of worm propagation at the network egress points, we propose a new technique for the rapid detection of worm propagation from an enterprise network. It relies on the correlation of Domain Name System (DNS) queries...


A Survey of Worm Detection and Containment

Self-duplicating, self-propagating malicious code, known as computer worms, spreads without any human interaction and launches the most destructive attacks against computer networks. At the same time, being fully automated makes worm behavior repetitious and predictable. This paper presents a survey and comparison of Internet worm detection and containment schemes. We first ident...


Publication date: 2005