• DocumentCode
    2121711
  • Title

    An implementation for a worm detection and mitigation system

  • Author

    Binsalleeh, H. ; Youssef, A.

  • Author_Institution
    Concordia Inst. for Inf. Syst. Eng., Concordia Univ., Montreal, QC
  • fYear
    2008
  • fDate
    24-26 June 2008
  • Firstpage
    54
  • Lastpage
    57
  • Abstract
    In this paper, we present an integrated system for the detection and mitigation of zero-day scanning and mass mailing worms. The detection engine of our system utilizes the domain name system (DNS) anomalies of the worm traffic; an idea that has been noted by several security researchers. Once a worm is detected, the firewall rules are automatically updated in order to isolate the infected host. An automatic alert is also sent to the user of the infected host. The system can be configured such that the user response to this alert is used to undo the firewall updates and hence helps reduce the interruption of service resulting from false alarms. The developed system has been tested with real worms in a controlled network environment. The obtained experimental results confirm the soundness and effectiveness of the developed system.
  • Keywords
    Internet; authorisation; invasive software; telecommunication traffic; controlled network environment; domain name system; firewall rule; mass mailing worm; worm detection; worm mitigation; worm traffic; zero-day scanning worm; Automatic control; Computer worms; Domain Name System; Electronic mail; IP networks; Internet; Network servers; Peer to peer computing; Search engines; Web server;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Communications, 2008 24th Biennial Symposium on
  • Conference_Location
    Kingston, ON
  • Print_ISBN
    978-1-4244-1945-6
  • Type

    conf

  • DOI
    10.1109/BSC.2008.4563204
  • Filename
    4563204