Internet quarantine: Requirements for containing self-propagating code

Proceedings - IEEE INFOCOM

Volumn 3, Issue , 2003, Pages 1901-1910

  Moore, David ^a   Shannon, Colleen ^a   Voelker, Geoffrey M ^a   Savage, Stefan ^a  

^a UNIVERSITY OF CALIFORNIA   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

ANALYTIC MODELING; CONTAINMENT SYSTEMS; DEPLOYMENT SCENARIOS; DESIGN FACTORS; DESIGN SPACES; FUTURE THREATS; INTERNET HOSTS; KEY PARAMETERS; LOWER BOUNDS; OPERATIONAL EXPENSE; SECURITY VULNERABILITIES; SELF-PROPAGATING CODES; SHORT PERIODS;

CODES (SYMBOLS); COMPUTER SIMULATION; DAMAGE DETECTION; EPIDEMIOLOGY; INTERNET; NETWORK SECURITY;

COMPUTER CRIME;

EID: 0042474173     PISSN: 0743166X     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/INFCOM.2003.1209212     Document Type: Conference Paper

References (28)

1. D. Moore and C. Shannon, "Code-Red: a Case Study on the Spread and Victims of an Internet Worm," in Proceedings of the 2002 ACM SICGOMM Internet Measurement Workshop, Marseille, France, Nov. 2002, pp. 273-284.
2. Computer Economics, "2001 Economic Impact of Malicious Code Attacks," http://www.computereconomics.com/cei/press/pr92101.html.
3. C. Cowan, C. Pu, D. Maier, J. Walpole, P. Bakke, S. Beattie, A. Grier, P. Wagle, Q. Zhang, and H. Hinton, "StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks," in Proceedings of the 7th USENIX Security Conference, San Antonio, Texas, Jan. 1998, pp. 63-78.
4. D. Wagner, J. S. Foster, E. A. Brewer, and A. Aiken, "A First Step towards Automated Detection of Buffer Overrun Vulnerabilities," in Proceedings of the Network and Distributed System Security Symposium, San Diego, CA, Feb. 2000, pp. 3-17.
5. G. C. Necula, "Proof-Carrying Code," in Proceedings of the 24th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL '97), Paris, France, Jan. 1997, pp. 106-119.
6. A. Somayaji, S. Hofmeyr, and S. Forrest, "Principles of a Computer Immune System," in New Security Paradigms Workshop, Sept. 1997, pp. 75-82.
7. Symantec, "Symantec Security Response," http:// securityresponse.symantec.com/.
8. Microsoft Corporation, "Microsoft windows update," http://windowsupdate.microsoft.com.
9. S. Staniford, V. Paxson, and N. Weaver, "How to 0wn the Internet in Your Spare Time," in Proceedings of the 11th USENIX Security Symposium, San Francisco, CA, Aug. 2002.
10. J. F. Shoch and J. A. Hupp, "The Worm Programs: Early Experience with a Distributed Computation," Communications of the ACM, vol. 25, no. 3, pp. 172-180, March 1982.
11. F. Cohen, "Computer viruses - theory and experiments," Computers and Security, vol. 6, pp. 22-35, 1987.
12. J. Rochlis and M. Eichin, "With Microscope and Tweezers: The Worm from MIT's Perspective," Communications of the ACM, vol. 32, no. 6, pp. 689-698, June 1989.
13. E. Spafford, "The Internet Worm: Crisis and Aftermath," Communications of the ACM, vol. 32, no. 6, pp. 678-687, June 1989.
14. D. Moore, G. M. Voelker, and S. Savage, "Inferring Internet Denial-of-Service Activity," in Proceedings of the 10th USENIX Security Symposium, Aug. 2001, pp. 9-22.
15. D. Song, R. Malan, and R. Stone, "A Snapshot of Global Internet Worm Activity," Arbor Networks, Tech. Rep., Nov. 2001.
16. T. Liston, "Welcome To My Tarpit: The Tactical and Strategic Use of LaBrea," Tech. Rep., 2001, http://www.threenorth.com/LaBrea/LaBrea.txt.
17. M. Williamson, "Throttling Viruses: Restricting Propagation to Defeat Malicious Mobile Code," HP Laboratories Bristol, Tech. Rep. HPL-2002-172, 2002.
18. T. Toth and C. Kruegel, "Connection-history Based Anomaly Detection," in Proceedings of the IEEE Workshop on Information Assurance and Security, West Point, NY, June 2002.
19. Cisco Systems, Inc, "Using Network-Based Application Recognition and Access Control Lists for Blocking the "Code Red" Worm at Network Ingress Points," http://www.cisco.com/warp/public/63/nbaraclcodered.shtml.
20. N. C. Weaver, "Warhol Worms: The Potential for Very Fast Internet Plagues," http://www.cs.berkeley.edu/~nweaver/warhol.html.
21. J. O. Kephart and S. R. White, "Directed-Graph Epidemiological Models of Computer Viruses," in IEEE Symposium on Security and Privacy, 1991, pp. 343-361.
22. C. Wang, J. Knight, and M. Elder, "On Computer Viral Infection and the Effect of Immunization," in Proceedings of the 16th Annual Computer Security Applications Conference (ACSAC'00), New Orleans, LA, Dec 2000.
23. H. W. Hethcote, "The Mathematics of Infectious Diseases," SIAM Review, vol. 42, no. 4, pp. 599-653, 2000.
24. eEye Digital Security, "CodeRedII Worm Analysis," Aug. 2001, http://www.eeye.com/html/Research/Advisories/AL20010804.html.
25. SecurityFocus, "SecurityFocus Code Red II Information Headquarters," http://aris.securityfocus.com/alerts/codered2/.
26. Symantec, "W32.nimda.a@mm," http://www.symantec.com/avcenter/ venc/data/w32.nimda.a@mm.html.
27. CERT, "CERT Advisory CA-2001-26 Nimda Worm," http://www.cert.org/advisories/CA-2001-26.html.
28. D. Meyer, "University of Oregon Route Views Project," http://www.routeviews.org/.