Slowing Down Internet Worms (2004) [12 citations — 2 self]

Download:
pdf

by Shigang Chen, Yong Tang

in Proceedings of the 24th International Conference on Distributed Computing Systems (ICDCS’04

http://www.cise.ufl.edu/~sgchen/papers/icdcs2004.pdf

Add To MetaCart

Popular Tags

No tags have been applied to this document.

BibTeX | Add To MetaCart

@INPROCEEDINGS{Chen04slowingdown,
    author = {Shigang Chen and Yong Tang},
    title = {Slowing Down Internet Worms},
    booktitle = {in Proceedings of the 24th International Conference on Distributed Computing Systems (ICDCS’04},
    year = {2004},
    pages = {312--319},
    publisher = {IEEE Computer Society}
}

Abstract:

An Internet worm automatically replicates itself to vulnerable systems and may infect hundreds of thousands of servers across the Internet. It is conceivable that the cyber-terrorists may use a wide-spread worm to cause major disruption to our Internet economy. While much recent research concentrates on propagation models, the defense against worms is largely an open problem. We propose a distributed anti-worm architecture (DAW) that automatically slows down or even halts the worm propagation. New defense techniques are developed based on behavioral difference between normal hosts and worm-infected hosts. Particulary, a worm-infected host has a much higher connection-failure rate when it scans the Internet with randomly selected addresses. This property allows DAW to set the worms apart from the normal hosts. We propose a temporal rate-limit algorithm and a spatial ratelimit algorithm, which makes the speed of worm propagation configurable by the parameters of the defense system. DAW is designed for an Internet service provider to provide the antiworm service to its customers. The effectiveness of the new techniques is evaluated analytically and by simulations. 1.

Citations

314	How to Own the Internet in Your Spare Time – Staniford, Paxson, et al. - 2002
167	Internet quarantine: Requirements for containing self-propagating code – Moore, Shannon, et al. - 2003
131	Throttling Viruses: Restricting Propagation to Defeat Malicious Mobile Code – Williamson - 2002
121	Code red worm propagation modeling and analysis – Zou, Gong, et al. - 2002
50	The mathematics of infectious diseases – HETHCOTE - 2000
27	With microscope and tweezers: The Worm from MIT’s perspective – Rochlis, Eichin - 1989
22	A Mixed Abstraction Level Simulation Model of Large-Scale Internet Worm Infestations – Liljenstam, Yuan, et al. - 2002
2	CERT Advisory CA-2001-23 ”Code Red” Worm Exploiting Buffer Overflow – Team - 2001
1	CERT Advisory CA-2001-26 Nimda Worm – Team - 2001

View or Download | Add to My Collection | Correct Errors