ABSTRACT
Dangerous worms like CodeRed or Slammer can send out millions of probe packets in just seconds, which can result in thousands of infected hosts and large losses. Fast and effective containment strategies are crucially important to protect the Internet infrastructure. Toward this goal, different techniques have been presented, such as address blacklisting and content filtering [3], anomaly detection [6], and signature-based detection [5]. Meanwhile, recently developed worm models [1] enable us to develop a testbed to accurately and quickly evaluate the efficiency of these defense mechanisms. In this paper, we present a testbed which utilizes software agents to allow large-scale simulation with individual host functionality. We utilize this testbed to evaluate our containment systems in terms of the security and performance tradeoff.
- R. G. Cole, N. Phamdo, M. A. Rajab, and A. Terzis. Requirements on worm mitigation technologies in MANETs. In PADS, pages 207--214, 2005.
- L. Li, P. Liu, Y. C. Jhi, and G. Kesidis. Evaluation of collaborative worm containment on the DETER testbed. In DETER: Proceedings of the DETER Community Workshop on Cyber Security Experimentation and Test 2007, pages 5--5, Berkeley, CA, USA, 2007. USENIX Association.
- D. Moore, C. Shannon, G. Voelker, and S. Savage. Internet quarantine: requirements for containing self-propagating code. In INFOCOM 2003. Twenty-Second Annual Joint Conference of the IEEE Computer and Communications Societies. IEEE, volume 3, pages 1901--1910 vol. 3, March--3 April 2003.
- The Network Simulator ns-2 (v2.34). http://www.isi.edu/nsnam/ns/, 2009.
- Y. Tang and S. Chen. Defending against Internet worms: A signature-based approach. In Proceedings of IEEE INFOCOM05, 2005.
- C. Zou, N. Duffield, D. Towsley, and W. Gong. Adaptive defense against various network attacks. Selected Areas in Communications, IEEE Journal on, 24(10):1877--1888, Oct. 2006.