Download:
by Cynthia Wong, Stan Bielski, Ahren Studer, Chenxi Wang
In Internat’l Symp. on RAID’05
http://www.pdl.cmu.edu/PDL-FTP/stray/RAID05.pdf
Add To MetaCart
Abstract:
One class of worm defense techniques that received attention of late is to “rate limit ” outbound traffic to contain fast spreading worms. Several proposals of rate limiting techniques have appeared in the literature, each with a different take on the impetus behind rate limiting. This paper presents an empirical analysis on different rate limiting schemes using real traffic and attack traces from a sizable network. In the analysis we isolate and investigate the impact of the critical parameters for each scheme and seek to understand how these parameters might be set in realistic network settings. Analysis shows that using DNS-based rate limiting has substantially lower error rates than schemes based on other traffic statistics. The analysis additionally brings to light a number of issues with respect to rate limiting at large. We explore the impact of these issues in the context of general worm containment.
Citations
|
350
|
How to 0wn the Internet in your spare time
– Staniford, Paxson, et al.
- 2002
|
|
197
|
Internet Quarantine: Requirements for Containing Self-Propagating Code
– Moore, Shannon, et al.
- 2003
|
|
178
|
Autograph: Toward automated, distributed worm signature detection
– Kim, Karp
- 2004
|
|
160
|
Automated worm fingerprinting
– Singh, Estan, et al.
- 2004
|
|
143
|
Throttling viruses: Restricting propagation to defeat malicious mobile code
– Williamson
- 2002
|
|
138
|
Code Red Worm Propagation Modeling and Analysis
– Zou, Gong, et al.
- 2002
|
|
117
|
Fast portscan detection using sequential hypothesis testing
– Jung, Paxson, et al.
- 2004
|
|
99
|
Shield: Vulnerability-driven network filters for preventing known vulnerability exploits
– Wang, Guo, et al.
- 2004
|
|
93
|
Very fast containment of scanning worms
– Weaver, Staniford, et al.
- 2004
|
|
80
|
Directed-graph Epidemiological Models of Computer Viruses
– Kephart, White
- 1991
|
|
52
|
Containment of scanning worms in enterprise networks
– Staniford
- 2004
|
|
44
|
Fast Detection of Scanning Worm Infections
– Schechter, Jung, et al.
- 2004
|
|
36
|
Epidemic Spreading in Real Networks: An Eigenvalue Viewpoint
– Wang, Chakrabarti, et al.
- 2003
|
|
25
|
Oorschot. DNS-based detection of scanning worms in an enterprise network
– Whyte, Kranakis, et al.
- 2005
|
|
23
|
A behavioral approach to worm detection
– Ellis, Aiken, et al.
- 2004
|
|
16
|
Modeling the effects of timing parameters on virus propagation
– Wang, Wang
- 2003
|
|
15
|
A Study of Mass-mailing Worms
– Wong, Bielski, et al.
- 2004
|
|
13
|
Dynamic quarantine of internet worms
– Wong, Wang, et al.
- 2004
|
|
11
|
An empirical analysis of target-resident DoS filters
– Collins, Reiter
- 2004
|
|
2
|
Inline packet scrubber
– Hogwash
|
