Defending against hitlist worms using network address space randomization

Authors

  • S. Antonatos
  • P. Akritidis
  • K. G. Anagnostakis
Abstract

Worms are self-replicating malicious programs that represent a major security threat for the Internet, as they can infect and damage a large number of vulnerable hosts at timescales where human responses are unlikely to be effective. Sophisticated worms that use precomputed hitlists of vulnerable targets are especially hard to contain, since they are harder to detect, and spread at rates where even automated defenses may not be able to react in a timely fashion. This paper examines a new proactive defense mechanism called Network Address Space Randomization (NASR) whose objective is to harden networks specifically against hitlist worms. The idea behind NASR is that hitlist information could be rendered stale if nodes are forced to frequently change their IP addresses. NASR limits or slows down hitlist worms and forces them to exhibit features that make them easier to contain at the perimeter. We explore the design space for NASR and present a prototype implementation as well as experiments examining the effectiveness and limitations of the approach. © 2007 Elsevier B.V. All rights reserved.


Similar resources

TAO: Protecting Against Hitlist Worms Using Transparent Address Obfuscation

Sophisticated worms that use precomputed hitlists of vulnerable targets are especially hard to contain, since they are harder to detect, and spread at rates where even automated defenses may not be able to react in a timely fashion. Recent work has examined a proactive defense mechanism called Network Address Space Randomization (NASR) whose objective is to harden networks specifically against ...


Taxonomy and Effectiveness of Worm Defense Strategies

While it is important to develop effective worm defense techniques, most previous work has focused on a single point in the design space. The sheer complexity and size of the design space of worm defense requires a more systematic study of the design space. We give the first systematic investigation of the design space of worm defense system strategies. We accomplish this by providing a taxonom...


Design Space and Analysis of Worm Defense Strategies

We give the first systematic investigation of the design space of worm defense system strategies. We accomplish this by providing a taxonomy of defense strategies by abstracting away implementation-dependent and approach-specific details and concentrating on the fundamental properties of each defense category. Our taxonomy and analysis reveals the key parameters for each strategy that determine ...


Automated, Sub-second Attack Signature Generation: A Basis for Building Self-Protecting Servers

It is widely recognized that large-scale attacks, such as those launched by worms and zombie farms, pose a grave threat to our network-centric society. Existing approaches such as software patches are simply unable to cope with the volume and speed with which new vulnerabilities are being discovered. In this paper, we develop a new approach that can provide effective protection against a vast m...


Pulse: A Class of Super-Worms against Network Infrastructure

Super-worms constitute the most advanced and dangerous threat for networks and the whole Internet. Their goal is to infect the significant majority of Internet hosts in the minimum possible time, by using advanced techniques to partition the Internet address space and to coordinate the




Publication date: 2007