ABSTRACT
In this paper, we propose a new approach for mitigation of worm propagation through tactical Mobile Ad-Hoc Networks (MANETs) which is based upon performance signatures and software rejuvenation. Three application performance signature and software rejuvenation algorithms are proposed and analyzed. These algorithms monitor critical applications' responsiveness and trigger actions for software rejuvenation when host resources degrade due to a co-resident worm competing for host resources. We analyze the effectiveness of our algorithms through analytic modeling and detailed, extensive simulation studies. The key performance metrics investigated are application response time, mean time between rejuvenations and the steady state probability of host infection. We also use simulation models to investigate several design and parameter tuning issues. We investigate the relationship between the rate at which the application performance monitors can detect out-of-specification applications and the rate of worm propagation in the network.
Index Terms
- Using performance signatures and software rejuvenation for worm mitigation in tactical MANETs