Testbed for evaluating worm containment systems
Pages 175 - 176
Abstract
Dangerous worms like CodeRed or Slammer can spread millions of probe packets in just seconds which can result in thousands of infected hosts and large losses. Fast and effective containment strategies are crucially important to protect the Internet Infrastructure. Toward this goal of fast and effective worm containment, different techniques have been presented such as address blacklisting and content filtering [3], anomaly detection [6] and signature-based detection [5]. Meanwhile recently developed worm models [1] enable us to develop a testbed to accurately and quickly evaluate the efficiency of these defense mechanisms. In this paper, we present a testbed which utilizes software agents to allow large scale simulation with individual host functionality. We utilize this testbed to evaluate our containment systems in terms of security and performance tradeoff.
References
[1]
R. G. Cole, N. Phamdo, M. A. Rajab, and A. Terzis. Requirements on worm mitigation technologies in manets. In PADS, pages 207--214, 2005.
[2]
L. Li, P. Liu, Y. C. Jhi, and G. Kesidis. Evaluation of collaborative worm containment on the deter testbed. In DETER: Proceedings of the DETER Community Workshop on Cyber Security Experimentation and Test 2007, pages 5--5, Berkeley, CA, USA, 2007. USENIX Association.
[3]
D. Moore, C. Shannon, G. Voelker, and S. Savage. Internet quarantine: requirements for containing self-propagating code. In INFOCOM 2003. Twenty-Second Annual Joint Conference of the IEEE Computer and Communications Societies. IEEE, volume 3, pages 1901--1910 vol. 3, March--3 April 2003.
[4]
The Network Simulator ns-2 (v2.34). http://www.isi.edu/nsnam/ns/, 2009.
[5]
Y. Tang and S. Chen. Defending against internet worms: A signature-based approach. In In Proceedings of IEEE INFOCOM05, 2005.
[6]
C. Zou, N. Duffield, D. Towsley, and W. Gong. Adaptive defense against various network attacks. Selected Areas in Communications, IEEE Journal on, 24(10):1877--1888, Oct. 2006.
Recommendations
Lightweight testbed for evaluating worm containment systems
Hazardous worms can compromise hundreds of thousands of hosts in just hours. Mitigating these worm threats requires fast and effective strategies for containment and is a difficult task. Many containment systems have been proposed including anomaly ...
Evaluation of collaborative worm containment on the DETER testbed
DETER: Proceedings of the DETER Community Workshop on Cyber Security Experimentation and Test on DETER Community Workshop on Cyber Security Experimentation and Test 2007The advantage of collaborative containment over independent block or address blacklisting on worm defense has been advocated in previous worm studies. In this work, we will evaluate two collaborative worm containment proposals and present some of the ...
A Host-Based Approach for Unknown Fast-Spreading Worm Detection and Containment
Special Section on Best Papers from SEAMS 2012The fast-spreading worm, which immediately propagates itself after a successful infection, is becoming one of the most serious threats to today’s networked information systems. In this article, we present WormTerminator, a host-based solution for fast ...
Comments
Information & Contributors
Information
Published In
October 2009
227 pages
ISBN:9781605586304
DOI:10.1145/1882486
- General Chairs:
- Peter Onufryk,
- K. K. Ramakrishnan,
- Program Chairs:
- Patrick Crowley,
- John Wroclawski
Copyright © 2009 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
- SIGCOMM: ACM Special Interest Group on Data Communication
- SIGARCH: ACM Special Interest Group on Computer Architecture
- IEEE-CS\TCCA: TC on Computer Arhitecture
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 19 October 2009
Check for updates
Qualifiers
- Poster
Conference
ANCS '09: Symposium on Architecture for Networking and Communications Systems
October 19 - 20, 2009
New Jersey, Princeton
Acceptance Rates
Overall Acceptance Rate 88 of 314 submissions, 28%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 80Total Downloads
- Downloads (Last 12 months)2
- Downloads (Last 6 weeks)0
Reflects downloads up to 03 Jan 2025
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in