DocumentCode
2121711
Title
An implementation for a worm detection and mitigation system
Author
Binsalleeh, H. ; Youssef, A.
Author_Institution
Concordia Inst. for Inf. Syst. Eng., Concordia Univ., Montreal, QC
fYear
2008
fDate
24-26 June 2008
Firstpage
54
Lastpage
57
Abstract
In this paper, we present an integrated system for the detection and mitigation of zero-day scanning and mass mailing worms. The detection engine of our system utilizes the domain name system (DNS) anomalies of the worm traffic; an idea that has been noted by several security researchers. Once a worm is detected, the firewall rules are automatically updated in order to isolate the infected host. An automatic alert is also sent to the user of the infected host. The system can be configured such that the user response to this alert is used to undo the firewall updates and hence helps reduce the interruption of service resulting from false alarms. The developed system has been tested with real worms in a controlled network environment. The obtained experimental results confirm the soundness and effectiveness of the developed system.
Keywords
Internet; authorisation; invasive software; telecommunication traffic; controlled network environment; domain name system; firewall rule; mass mailing worm; worm detection; worm mitigation; worm traffic; zero-day scanning worm; Automatic control; Computer worms; Domain Name System; Electronic mail; IP networks; Internet; Network servers; Peer to peer computing; Search engines; Web server;
fLanguage
English
Publisher
ieee
Conference_Titel
Communications, 2008 24th Biennial Symposium on
Conference_Location
Kingston, ON
Print_ISBN
978-1-4244-1945-6
Type
conf
DOI
10.1109/BSC.2008.4563204
Filename
4563204
Link To Document