Automatically deducing propagation sequences that circumvent a collaborative worm defense

Author

Briesemeister, Linda ; Porras, Phillip A.

Author_Institution

Comput. Sci. Lab., SRI Int., Menlo Park, CA

fYear

2006

fDate

10-12 April 2006

Lastpage

592

Abstract

We present an approach to the question of evaluating worm defenses against future, yet unseen, and possibly defense-aware worm behavior. Our scheme employs model checking to produce worm propagation sequences that defeat a worm defense of interest. We demonstrate this approach using an exemplar collaborative worm defense, in which LANs share alerts about encountered infections. Through model checking experiments, we then generate propagation sequences that are able to infect the whole population in the modeled network. We discuss these experimental results and also identify open problems in applying formal methods more generally in the context of worm quarantine research

Keywords

formal specification; formal verification; invasive software; local area networks; telecommunication security; LAN; collaborative worm defense; defense-aware worm behavior; model checking; worm propagation sequences; worm quarantine research; Computer networks; Computer science; Computer security; Computer worms; Filtering; International collaboration; Internet; Laboratories; Optical propagation; Protection;

fLanguage

English

Publisher

ieee

Conference_Titel

Performance, Computing, and Communications Conference, 2006. IPCCC 2006. 25th IEEE International

Conference_Location

Phoenix, AZ

Print_ISBN

1-4244-0198-4

Type

conf

DOI

10.1109/.2006.1629456

Filename

1629456