Abstract
How can intelligent worms that combine a slow scanning rate with high vulnerability density be detected and mitigated? We present a scheme that addresses this problem. Unlike previous schemes, which limit the instantaneous scanning rate of each host, the scheme considered in this paper counts the number of unique IP addresses contacted by all hosts of a subnet over a period and sets a threshold to determine whether the subnet is suspicious. Specifically, we consider the similarity of the information requested by users belonging to the same subnet. The results show that our scheme is effective against slow scanning worms and worms with high vulnerability density.
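The subnet-level counting described in the abstract can be sketched as follows. This is an added example, not the authors' implementation: the window length, threshold, /24 grouping, function names and flow records are all assumptions constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_network

WINDOW = 3600          # observation period in seconds (assumed value)
SUBNET_THRESHOLD = 40  # unique destinations allowed per subnet per window (assumed)
PREFIX = 24            # prefix length used to group hosts into subnets (assumed)

def subnet_of(ip):
    return str(ip_network(f"{ip}/{PREFIX}", strict=False))

def suspicious_subnets(flows, window=WINDOW, threshold=SUBNET_THRESHOLD):
    """Union of destinations over all hosts of a subnet; return those above threshold."""
    seen = defaultdict(set)
    for ts, src, dst in flows:
        seen[(subnet_of(src), int(ts // window))].add(dst)
    return {key: len(dsts) for key, dsts in seen.items() if len(dsts) > threshold}

def max_host_fanout(flows, window=WINDOW):
    """Per-host view for comparison: largest unique-destination count of any one host."""
    per_host = defaultdict(set)
    for ts, src, dst in flows:
        per_host[(src, int(ts // window))].add(dst)
    worst = defaultdict(int)
    for (src, _), dsts in per_host.items():
        net = subnet_of(src)
        worst[net] = max(worst[net], len(dsts))
    return dict(worst)

def build_sample():
    """Constructed flows: two subnets of 20 hosts sharing 10 popular destinations."""
    popular = [f"198.51.100.{i}" for i in range(1, 11)]
    flows = []
    for h in range(1, 21):
        for j, dst in enumerate(popular):
            flows.append((h * 100 + j, f"10.0.1.{h}", dst))  # clean subnet
            flows.append((h * 100 + j, f"10.0.2.{h}", dst))  # infected subnet
        for j in range(3):  # each infected host adds only 3 new addresses per hour
            target = f"203.0.113.{(h - 1) * 3 + j + 1}"
            flows.append((h * 100 + 50 + j, f"10.0.2.{h}", target))
    return flows

if __name__ == "__main__":
    flows = build_sample()
    print("per-host maximum:", max_host_fanout(flows))
    print("flagged subnets: ", suspicious_subnets(flows))
```

In the constructed data no single host contacts more than 13 addresses in the window, so a per-host limit sees nothing unusual, while the shared destinations keep the clean subnet's union at 10 and the scans push the infected subnet's union to 70.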
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Song, L., Jin, Z. (2010). An Automated Worm Containment Scheme. In: Wang, F.L., Gong, Z., Luo, X., Lei, J. (eds) Web Information Systems and Mining. WISM 2010. Lecture Notes in Computer Science, vol 6318. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16515-3_24
DOI: https://doi.org/10.1007/978-3-642-16515-3_24
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-16514-6
Online ISBN: 978-3-642-16515-3
eBook Packages: Computer Science (R0)