Worm Propagation Modeling and Analysis under Dynamic Quarantine Defense

by Cliff Changchun Zou
http://www-unix.ecs.umass.edu/~gong/papers/dynamicQuarantine.pdf

Abstract:

Due to the fast-spreading nature and great damage of Internet worms, it is necessary to implement automatic mitigation, such as dynamic quarantine, on computer networks. Inspired by the methods used in epidemic disease control in the real world, we present a dynamic quarantine method based on the principle “assume guilty before proven innocent” — we quarantine a host whenever its behavior looks suspicious by blocking traffic on its anomaly port. We then release the quarantine after a short time, even if the host has not yet been inspected by security staff. We present mathematical analysis of three worm propagation models under this dynamic quarantine method. The analysis shows that dynamic quarantine can reduce a worm’s propagation speed, which can give us precious time to fight against a worm before it is too late. Furthermore, dynamic quarantine raises a worm’s epidemic threshold, and thus reduces the chance for a worm to spread out. The simulation results verify our analysis and demonstrate the effectiveness of the dynamic quarantine defense.
