

Defending against hitlist worms using network address space randomization
Affiliation: 1. Systems and Security Department, Institute for Infocomm Research, 21 Heng Mui Keng Terrace, Singapore 119613, Singapore; 2. Institute of Computer Science, Foundation for Research and Technology, Hellas P.O. Box 1385 Heraklio, GR-711-10, Greece
Abstract: Worms are self-replicating malicious programs that represent a major security threat for the Internet, as they can infect and damage a large number of vulnerable hosts at timescales where human responses are unlikely to be effective. Sophisticated worms that use precomputed hitlists of vulnerable targets are especially hard to contain, since they are harder to detect, and spread at rates where even automated defenses may not be able to react in a timely fashion. This paper examines a new proactive defense mechanism called Network Address Space Randomization (NASR) whose objective is to harden networks specifically against hitlist worms. The idea behind NASR is that hitlist information could be rendered stale if nodes are forced to frequently change their IP addresses. NASR limits or slows down hitlist worms and forces them to exhibit features that make them easier to contain at the perimeter. We explore the design space for NASR and present a prototype implementation as well as experiments examining the effectiveness and limitations of the approach.
This article is indexed in ScienceDirect and other databases.