Abstract
Network-propagated malware such as worms is a potentially serious threat, since it can infect and damage a large number of vulnerable hosts on timescales at which human reaction is unlikely to be effective. Research on worm detection has produced many approaches to identifying them. A common approach is to match a worm's signature. However, as worms continue to evolve, signature matching cannot detect or mitigate previously unseen worms in real time. In this paper, we propose a novel resilience strategy for the detection and remediation of networked malware based on progressive, multi-stage deployment of resilience mechanisms. Our strategy monitors various traffic features to detect the early onset of an attack, and then applies further mechanisms to progressively identify the attack and apply remediation to protect the network. The strategy can be adapted to detect known attacks such as worms, and also to provide some level of remediation for new, unknown attacks. The advantages of our approach are demonstrated via simulation of various types of worm attack on an Autonomous System infrastructure. Our strategy is flexible and adaptable, and we show how it can be extended to identify and remediate network challenges other than worms.
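As an added illustration of the progressive, multi-stage structure the abstract describes (this is example code written for this page, not the paper's own mechanisms, which the abstract does not detail), the Python sketch below chains three stages: an always-on, cheap monitor over aggregate traffic features (flow volume and the Shannon entropy of destination addresses, an assumed feature choice), a second stage that runs only once the first fires and attributes the anomaly to sources with abnormal fan-out on one destination port, and a third stage that emits block actions for those sources. The flow records, addresses, ports and thresholds are all constructed for the example.

```python
"""Progressive multi-stage worm detection and remediation over flow records.

Example code, not from the paper. Flow records, addresses, ports and
thresholds below are constructed for illustration.
"""
from collections import Counter, defaultdict
import math


def entropy(counter):
    """Shannon entropy in bits of the frequency distribution in `counter`."""
    n = sum(counter.values())
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in counter.values())


def features(flows):
    """Aggregate per-window features: flow count, destination-address entropy
    and the share of flows on the single most common destination port."""
    if not flows:
        return {"flows": 0, "dst_entropy": 0.0, "top_port_share": 0.0}
    dsts = Counter(f["dst"] for f in flows)
    ports = Counter(f["dport"] for f in flows)
    return {
        "flows": len(flows),
        "dst_entropy": entropy(dsts),
        "top_port_share": ports.most_common(1)[0][1] / len(flows),
    }


def stage1_onset(baseline, window, volume_factor=2.0, entropy_delta=1.0):
    """Stage 1 (always on, cheap): alarm when the window's flow volume or its
    destination entropy departs sharply from the learned baseline window."""
    b, w = features(baseline), features(window)
    return (w["flows"] >= volume_factor * b["flows"]
            or w["dst_entropy"] - b["dst_entropy"] >= entropy_delta)


def stage2_identify(window, fanout_threshold=10):
    """Stage 2 (run only after stage 1 fires): attribute the anomaly to sources
    that contact an unusual number of distinct destinations; report the port
    each such source concentrates on. Returns {src: dport}."""
    fanout = defaultdict(set)
    port_hits = defaultdict(Counter)
    for f in window:
        fanout[f["src"]].add(f["dst"])
        port_hits[f["src"]][f["dport"]] += 1
    suspects = {}
    for src, dsts in fanout.items():
        if len(dsts) >= fanout_threshold:
            port, _ = port_hits[src].most_common(1)[0]
            suspects[src] = port
    return suspects


def stage3_remediate(suspects):
    """Stage 3: turn identified sources into remediation actions, here a block
    of the scanning source on the port it is scanning."""
    return [("block", src, port) for src, port in sorted(suspects.items())]


def run_pipeline(baseline, window):
    """Drive the stages progressively: later, costlier stages run only if the
    earlier, cheaper one raised an alarm."""
    if not stage1_onset(baseline, window):
        return {"onset": False, "suspects": {}, "actions": []}
    suspects = stage2_identify(window)
    return {"onset": True, "suspects": suspects,
            "actions": stage3_remediate(suspects)}


def make_flows(srcs, dsts, dport):
    return [{"src": s, "dst": d, "dport": dport} for s in srcs for d in dsts]


# Constructed traffic: five clients talking to three servers over HTTPS is the
# quiet baseline; the attack window adds one host scanning thirty addresses
# on a single port, the fan-out pattern of a scanning worm.
CLIENTS = [f"10.0.0.{i}" for i in range(1, 6)]
SERVERS = [f"10.0.1.{i}" for i in range(10, 13)]
BASELINE = make_flows(CLIENTS, SERVERS, 443)
SCAN = make_flows(["10.0.0.7"], [f"10.0.2.{i}" for i in range(1, 31)], 445)
ATTACK_WINDOW = BASELINE + SCAN

if __name__ == "__main__":
    print(run_pipeline(BASELINE, BASELINE))       # quiet window: no onset
    print(run_pipeline(BASELINE, ATTACK_WINDOW))  # scanning host blocked
```

The point of the staging is cost and false-positive control: the entropy and volume check is cheap enough to run continuously on every window, while per-source fan-out tracking and rule generation are only paid for once an onset is suspected, and the block rule is scoped to the offending source and port rather than to the whole network.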
© 2012 Springer-Verlag Berlin Heidelberg
Cite this paper
Yu, Y., Fry, M., Plattner, B., Smith, P., Schaeffer-Filho, A. (2012). Resilience Strategies for Networked Malware Detection and Remediation. In: Xu, L., Bertino, E., Mu, Y. (eds) Network and System Security. NSS 2012. Lecture Notes in Computer Science, vol 7645. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-34601-9_18
DOI: https://doi.org/10.1007/978-3-642-34601-9_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-34600-2
Online ISBN: 978-3-642-34601-9