首页 | 本学科首页   官方微博 | 高级检索  
     


On the development of an internetwork-centric defense for scanning worms
Authors:Scott E  Boleslaw K  
Affiliation:aDepartment of Computer Science, University of North Carolina, 201 South Columbia Street, Chapel Hill, NC 27599, USA;bDepartment of Computer Science, Lally 204, Rensselaer Polytechnic Institute, 110 Eighth Street, Troy, NY 12180, USA
Abstract:Studies of worm outbreaks have found that the speed of worm propagation makes manual intervention ineffective. Consequently, many automated containment mechanisms have been proposed to contain worm outbreaks before they grow out of control. These containment systems, however, only provide protection for hosts within networks that implement them. Such a containment strategy requires complete participation to protect all vulnerable hosts. Moreover, collaborative containment systems, where participants share alert data, face a tension between resilience to false alerts and quick reaction to worm outbreaks.This paper suggests an alternative approach where an autonomous system in an internetwork, such as the Internet, protects not only its local hosts, but also all hosts that route traffic through it, which we call internetwork-centric containment. Additionally, we propose a novel reputation-based alerting mechanism to provide fast dissemination of infection information while maintaining the fairness of the system. Through simulation studies, we show that the combination of internetwork-centric containment and reputation-based alerting is able to contain an extremely virulent worm with relatively little participation in the containment system. In comparison to other collaborative containment systems, ours provides better protection against worm outbreaks and resilience to false alerts.
Keywords:Network security  Computer worms  Malware protection  Worm containment  Reputation  Collaborative network defense
本文献已被 ScienceDirect 等数据库收录!
设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司  京ICP备09084417号