DAW: A distributed antiworm system

IEEE Transactions on Parallel and Distributed Systems

Volumn 18, Issue 7, 2007, Pages 893-906

  Chen, Shigang ^a   Tang, Yong ^a  

^a University of Florida   (United States)

Author keywords

Internet worms; Network security; Rate limit algorithms

Indexed keywords

ALGORITHMIC LANGUAGES; CLIENT SERVER COMPUTER SYSTEMS; COMPUTER ARCHITECTURE; COMPUTER PRIVACY; COMPUTER SYSTEM FIREWALLS; COMPUTER VIRUSES; DISTRIBUTED COMPUTER SYSTEMS; INTERNET; INTERNET SERVICE PROVIDERS; NETWORK SECURITY;

DISTRIBUTED ANTIWORM ARCHITECHTURE; INTERNET WORMS; RATE-LIMIT ALGORITHMS; WORM PROPAGATION; WORM-INFECTED HOSTS;

COMPUTER WORMS;

EID: 34250362690     PISSN: 10459219     EISSN: None     Source Type: Journal    
DOI: 10.1109/TPDS.2007.1033     Document Type: Article

References (33)

1. J. Rochlis and M. Eichin, "With Microscope and Tweezers: The Worm from MIT's Perspective," Comm. ACM, vol. 32, no. 6, pp. 689-698, June 1989.
2. Computer Emergency Response Team, "CERT Advisory CA-2001-23 "Code Red" Worm Exploiting Buffer Overflow in IIS Indexing Service DLL," http://www.cert.org/advisories/CA-2001-23.html, July 2001.
3. eEye Digital Security, "ANALYSIS: CodeRed II Worm," http:// www.eeye.com/html/Research/Advisories/AL20010804.html, Aug. 2001.
4. Computer Emergency Response Team, "CERT Advisory CA-2001-26 Nimda Worm," http://www.cert.org/advisories/CA-2001-26.html, July 2001.
5. Computer Emergency Response Team, "CERT Advisory CA-2003-04 MS-SQL Server Worm," http://www.cert.org/advisories/CA-2003-04.html, Jan. 2003.
6. S. Staniford, V. Paxson, and N. Weaver, "How to Own the Internet in Your Spare Time," Proc. 11th USENIX Security Symp., Aug. 2002.
7. C. Cowan, C. Pu, D. Maier, J. Walpole, P. Bakke, S. Beattie, A. Grier, P. Wagle, Q. Zhang, and H. Hinton, "StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks," Proc. Seventh USENIX Security Conf., Jan. 1998.
8. D. Wagner, J.S. Foster, E.A. Brewer, and A. Aiken, "A First Step towards Automated Detection of Buffer Overrun Vulnerabilities," Proc. Network and Distributed System Security Symp., Feb. 2000.
9. M. Liljenstam, Y. Yuan, B. Premore, and D. Nicol, "A Mixed Abstraction Level Simulation Model of Large-Scale Internet Worm Infestations," Proc. 10th IEEE/ACM Symp. Modeling, Analysis and Simulation of Computer and Telecomm. Systems (MASCOTS '02), Oct. 2002.
10. C.C. Zou, W. Gong, and D. Towsley, "Code Red Worm Propagation Modeling and Analysis," Proc. Ninth ACM Conf. Computer and Comm. Security, Nov. 2002.
11. Z. Chen, L. Gao, and K. Kwiat, "Modeling the Spread of Active Worms," Proc. IEEE INFOCOM '03, Mar. 2003.
12. D. Moore, C. Shannon, G.M. Voelker, and S. Savage, "Internet Quarantine: Requirements for Containing Self-Propagating Code," Proc. IEEE INFOCOM '03, Mar. 2003.
13. N. Weaver, I. Hamadeh, G. Kesidis, and V. Paxson, "Preliminary Results Using Scale-Down to Explore Worm Dynamics," Proc. Second ACM Workshop on Rapid Malcode (WORM '04), Oct. 2004.
14. C.C. Zou, L. Gao, W. Gong, and D. Towsley, "Monitoring and Early Warning for Internet Worms," Proc. 10th ACM Conf. Computer and Comm. Security (CCS '03), Oct. 2003.
15. G. Gu, D. Dagon, X. Qin, M.I. Sharif, W. Lee, and G.F. Riley, "Worm Detection, Early Warning, and Response Based on Local Victim Information," Proc. 20th Ann. Computer Security Applications Conf. (ACSAC '04), Dec. 2004.
16. S. Chen and S. Ranka, "Detecting Internet Worms at Early Stage," IEEE J. Selected Areas in Comm., special issue on recent advances in managing enterprise network services, vol. 23, no. 10, Oct. 2005.
17. K. Park, H. Kim, B. Bethala, and A. Selcuk, "Scalable Protection against DDoS and Worm Attacks," DARPA ATO FTN, Technical Report AFRL-IF-RS-TR-2004-100, Dept. Computer Science, Purdue Univ., 2004.
18. K. Park, "The Internet as a Large-Scale Complex System, Chapter 1: The Internet as a Complex System," SFI Studies in the Sciences of Complexity, K. Park and W. Willinger, eds., Oxford Univ. Press, 2005.
19. M.M. Williamson, "Throttling Viruses: Restricting Propagation to Defeat Malicious Mobile Code," Proc. 18th Ann. Computer Security Application Conf. (ACSAC '02), Dec. 2002.
20. J. Twycross and M.M. Williamson, "Implementing and Testing a Virus Throttle," Proc. 12th USENIX Security Symp. (Security '03), Aug. 2003.
21. T. Liston, "Welcome to My Tarpit: The Tactical and Strategic Use of LaBrea," technical report http://www.threenorth.com/LaBrea/LaBrea.txt, 2001.
22. S. Staniford, "Containment of Scanning Worms in Enterprise Networks," J. Computer Security, 2004.
23. S. Schechter, J. Jung, and A.W. Berger, "Fast Detection of Scanning Worm Infections," Proc. Seventh Int'l Symp. Recent Advances in Intrusion Detection (RAID '04), Sept. 2004.
24. H. Kim and B. Karp, "Autograph: Toward Automated, Distributed Worm Signature Detection," Proc. 13th USENIX Security Symp. (Security '04), Aug. 2004.
25. S. Singh, C. Estan, G. Varghese, and S. Savage, "The EarlyBird System for Real-Time Detection of Unknown Worms," Proc. Sixth Symp. Operating System Design and Implementation (OSDI '04), Dec. 2004.
26. J. Newsome and D. Song, "Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software," Proc. 12th Ann. Network and Distributed System Security Symposium (NDSS '05), Feb. 2005.
27. J. Newsome, B. Karp, and D. Song, "Polygraph: Automatically Generating Signatures for Polymorphic Worms," Proc. IEEE Symp. Security and Privacy, May 2005.
28. W. Kermack and A. McKendrick, "A Contribution to the Mathematical Theory of Epidemics," Proc. Royal Soc. London, Series A, vol. 115, 1927.
29. N. Bailey, The Mathematical Theory of Infectious Diseases. Oxford Univ. Press, 1987.
30. H.W. Hethcote, "The Mathematics of Infectious Diseases," SIAM Rev. vol. 42, no. 4, pp. 599-653, 2000.
31. J.O. Kephart and S.R. White, "Directed-Graph Epidemiological Models of Computer Viruses," Proc. 1991 IEEE Symp. Security and Privacy, May 1991.
32. D. Moore, C. Shannon, and K. Claffy, "Code-Red: A Case Study on the Spread and Victims of an Internet Worm," Proc. Second Internet Measurement Workshop (IMW '02), Nov. 2002.
33. D.J. Bernstein, "SYN Cookies," http://cr.yp.to/syncookies.html, 1997.