An Automated Worm Containment Scheme

  • Conference paper
Web Information Systems and Mining (WISM 2010)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 6318)

Abstract

How can intelligent worms that combine a slow scanning rate with high vulnerability density be detected and mitigated? We present a scheme that addresses this problem. Unlike previous schemes, which limit the instantaneous scanning rate of each host, the scheme considered in this paper counts the number of unique IP addresses contacted by all hosts of a subnet over a period and sets a threshold to determine whether the subnet is suspicious. Specifically, we consider the similarity of the information required by users belonging to the same subnet. The results show that our scheme is effective against slow-scanning worms and worms with high vulnerability density.
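The subnet-level count described in the abstract can be sketched as follows. This is an added example, not code from the paper: the window length, threshold, /24 aggregation, per-host baseline and flow-record format are all assumptions, and the flow records are constructed.

```python
from collections import defaultdict
from ipaddress import ip_network

# All values below are assumptions; the abstract gives no parameters.
WINDOW = 3600          # observation period in seconds
SUBNET_THRESHOLD = 40  # unique destinations allowed per subnet per window
HOST_RATE_LIMIT = 5    # per-host baseline: unique destinations per minute
PREFIX = 24            # subnet size used for aggregation

def suspicious_subnets(flows, window=WINDOW, threshold=SUBNET_THRESHOLD):
    """Union the destinations of all hosts in a subnet per window and
    return {(subnet, window_index): unique_count} for counts over threshold."""
    seen = defaultdict(set)
    for ts, src, dst in flows:
        subnet = str(ip_network(f"{src}/{PREFIX}", strict=False))
        seen[(subnet, int(ts // window))].add(dst)
    return {k: len(v) for k, v in seen.items() if len(v) > threshold}

def hosts_over_rate(flows, limit=HOST_RATE_LIMIT):
    """Per-host baseline: hosts exceeding `limit` unique destinations
    within any single minute."""
    per_minute = defaultdict(set)
    for ts, src, dst in flows:
        per_minute[(src, int(ts // 60))].add(dst)
    return {src for (src, _), dsts in per_minute.items() if len(dsts) > limit}

def build_sample():
    """Constructed flow records (timestamp, src_ip, dst_ip)."""
    flows = []
    # Subnet A: 20 users with similar needs share the same 10 servers.
    shared = [f"198.51.100.{i}" for i in range(1, 11)]
    for h in range(1, 21):
        for j, dst in enumerate(shared):
            flows.append((h * 10 + j * 120, f"10.0.1.{h}", dst))
    # Subnet B: 20 hosts each probe one new address per minute for 5 minutes.
    for h in range(1, 21):
        for m in range(5):
            flows.append((m * 60 + h, f"10.0.2.{h}", f"203.0.113.{h * 5 + m}"))
    return flows

if __name__ == "__main__":
    sample = build_sample()
    print("per-host baseline flags:", hosts_over_rate(sample))
    print("subnet scheme flags:", suspicious_subnets(sample))
```

In the constructed data no single host exceeds the per-host limit, yet the subnet whose hosts each contact a few distinct addresses accumulates 100 unique destinations, while the subnet whose users share the same servers stays at 10.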

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Song, L., Jin, Z. (2010). An Automated Worm Containment Scheme. In: Wang, F.L., Gong, Z., Luo, X., Lei, J. (eds) Web Information Systems and Mining. WISM 2010. Lecture Notes in Computer Science, vol 6318. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16515-3_24

  • DOI: https://doi.org/10.1007/978-3-642-16515-3_24

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-16514-6

  • Online ISBN: 978-3-642-16515-3

  • eBook Packages: Computer Science, Computer Science (R0)
