A network worm vaccine architecture

Author

Sidiroglou, Stelios ; Keromytis, Angelos D.

Author_Institution

Columbia Univ., New York, NY, USA

fYear

2003

fDate

9-11 June 2003

Firstpage

220

Lastpage

225

Abstract

The ability of worms to spread at rates that effectively preclude human-directed reaction has elevated them to a first-class security threat to distributed systems. We present the first reaction mechanism that seeks to automatically patch vulnerable software. Our system employs a collection of sensors that detect and capture potential worm infection vectors. We automatically test the effects of these vectors on appropriately-instrumented sandboxed instances of the targeted application, trying to identify the exploited software weakness. Our heuristics allow us to automatically generate patches that can protect against certain classes of attack, and test the resistance of the patched application against the infection vector. We describe our system architecture, discuss the various components, and propose directions for future research.

Keywords

computer viruses; formal specification; invasive software; software architecture; automatic patching; automatically generate patches; distributed system; infection detection; infection vector; network worm vaccine architecture; patched application; security threat; worm infection vectors; worm-detection sensor; Application software; Automatic testing; Computer architecture; Humans; Immune system; Network servers; Protection; Remote sensing; Sensor phenomena and characterization; Vaccines;

fLanguage

English

Publisher

ieee

Conference_Titel

Enabling Technologies: Infrastructure for Collaborative Enterprises, 2003. WET ICE 2003. Proceedings. Twelfth IEEE International Workshops on

ISSN

1080-1383

Print_ISBN

0-7695-1963-6

Type

conf

DOI

10.1109/ENABL.2003.1231411

Filename

1231411