Origins: An approach to trace fast spreading worms to their roots

International Journal of Security and Networks

Volumn 3, Issue 1, 2008, Pages 36-46

  Burt, Andrew L ^a   Darschewski, Michael ^b   Ray, Indrajit ^c   Thurimella, Ramakrishna ^b   Wu, Hailin ^d  

^a Techsoft   (United States)

^b UNIVERSITY OF DENVER   (United States)

^c Department of Environmental and Radiological Health Sciences   (United States)

^d Array Networks   (United States)

Author keywords

Attack trace back; Computer worm attacks; Network security

Indexed keywords

COMPUTER SIMULATION; INTERNET; NETWORK SECURITY;

AUTOMATIC DISTRIBUTED MECHANISM; COMPUTER WORM ATTACKS; INTERNET WORMS;

COMPUTER WORMS;

EID: 79951598312     PISSN: 17478405     EISSN: 17478413     Source Type: Journal    
DOI: 10.1504/IJSN.2008.016200     Document Type: Article

References (25)

1. Arkin, O. (2002) Trace-Back: A Concept for Tracing and Profiling Malicious Computer Attackers, Whitepaper, Atstake Limited, http:// www.sys-security.com/archive/papers/traceback.pdf.
2. Burch, H. and Cheswick, B. (2000) 'Tracing anonymous packets to their approximate source', Proceedings of USENIX Large Installation System Administration Conference 2000, New Orleans, LA, pp.319-327.
3. Chen, Z., Gao, L. and Kwiat, K. (2003) 'Modeling the spread of active worms', Proceedings of IEEE INFOCOM 2003, San Francisco, CA, Vol. 3, pp.1890-1900.
4. Cheung, S., Crawford, R., Dilger, M., Frank, J., Hoagland, J., Levitt, K., Rowe, J., Staniford-Chen, S., Yip, R. and Zerkle, D. (1999) The Design of GrIDS: A Graph-Based Intrusion Detection System, Technical Report CSE-99-2, University of California Davis - Computer Science Department, http://citeseer.nj.nec.com/cheung99design.html.
5. Dean, D., Franklin, M. and Stubblefield, A. (2001) 'An algebraic approach to IP traceback', Proceedings of the 2001 Network and Distributed System Security Symposium, San Diego, CA, pp.1-10.
6. Honeynet Project Homepage (2002) Know your Enemy: Passive Fingerprint, Identifying Remote Hosts, Without Knowing [www], http:// project.honeynet.org/papers/finger.
7. Internet Engineering Task Force Homepage (2003) ICMP Traceback (itrace) [www], http://www.ietf.org/html.charters/OLD/ itrace-charter.html.
8. Jung, J., Paxson, V., Berger, A.W. and Balakrishnan, H. (2004) 'Fast portscan detection using sequential hypothesis testing', Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, pp.211-225.
9. La Monica, P.R. (2003) Microsoft: Bounty Hunter. The World's No. 1 Software Company Announces a $5M Reward Program to Help Catch Virus Authors [www], http://money.cnn.com/2003/11/05/technology/ microsoftbounty.
10. Mills, D.L. (1992) 'Network time protocol (version 3) specification, implementation and analysis', The Network Time Protocol Project Documentation Homepage, http://ntp.isc.org/bin/view/Support/Rfc1305.
11. Moore, D., Paxson, V., Savage, S., Shannon, C., Staniford, S. and Weaver, N. (2003a) The Spread of the Sapphire/Slammer Worm, http://www.caida.org/publications/papers/2003/sapphire/sapphire.html.
12. Moore, D., Shannon, C., Voelker, G.M. and Savage, S. (2003b) 'Internet quarantine: Requirements for containing self propagating code', Proceedings of IEEE INFOCOM 2003, San Francisco, CA, Vol. 3, pp.1901-1910.
13. Moore, D., Voelker, G. and Savage, S. (2001) 'Inferring internet denial-of-service activity', Proceedings of the 10th USENIX Security Symposium, Washington DC, pp.9-22.
14. Nazario, J. (2004) 'Defense and detection strategies against internet worms', Artech House, Boston, MA, ISBN 1-58053-537-2.
15. Network Time Protocol Project Homepage (2006) The NTP FAQ and HOWTO: Understanding and using the Network Time Protocol [www], http:// www.ntp.org/ntpfaq/NTP-s-algo.htm.
16. NS-2 Homepage (2003) The Network Simulator - NS-2 [www], http:// www.isi.edu/nsnam/ns/.
17. RawIP Networking FAQ Homepage (1999) RawIP Networking FAQ [www], http://www.ntua.gr/rin/rawfaq.html.
18. Reiss, S. (2003) 'Hope is a lousy defense - interview with bill joy', Wired Magazine, No. 11.12, pp.8-11.
19. Snoeren, A., Partridge, C., Sanchez, L., Jones, C., Tchakountio, F., Schwartz, B., Kent, S. and Strayer, W. (2002) 'Single-packet IP traceback', IEEE/ACM Transactions on Networking (ToN), Vol. 10, No. 6, pp.721-734.
20. Staniford, S., Paxson, V. and Weaver, N. (2002) 'How to own the internet in your spare time', Proceedings of the 11th USENIX Security Symposium, San Francisco, CA, pp.149-167.
21. Toth, T. and Kruegel, C. (2002) 'Connection-history based anomaly detection', Proceedings of the 2002 IEEE Workshop on Information Assurance and Security, West Point, NY.
22. Weaver, N., Staniford, S. and Paxson, V. (2004) 'Very fast containment of scanning worms', Proceedings of the 13th USENIX Security Symposium San Diego, CA, pp.29-44.
23. Williamson, M.M. (2002) 'Throttling viruses: Restricting propagation to defeat malicious mobile code', Proceedings of the 18th Annual Computer Security Applications Conference, Las Vegas, NV, pp.61-68.
24. Williamson, M.M. (2003) 'Design, implementation and test of an email virus throttle', Proceedings of the 19th Annual Computer Security Applications Conference, Las Vegas, NV, pp.76-85.
25. Xie, Y., Sekar, V., Maltz, D., Reiter, M. and Zhang, H. (2005) 'Worm origin identification using random moonwalks', Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, pp.242-256.