Title :
Worms vs. perimeters: the case for hard-LANs
Author :
Weaver, Nicholas ; Ellis, Dan ; Staniford, Stuart ; Paxson, Vern
Abstract :
Network worms - self-propagating network programs - represent a substantial threat to our network infrastructure. Due to the propagation speed of worms, reactive defenses need to be automatic. It is important to understand where and how these defenses need to fit in the network so that they cannot be easily evaded. As there are several mechanisms malcode authors can use to bypass existing perimeter-centric defenses, this position paper argues that substantial defenses need to be embedded in the local area network, thus creating "hard-LANs" designed to detect and respond to worm infections. When compared with conventional network intrusion detection systems (NIDSs), we believe that hard-LAN devices need to have two orders of magnitude better cost/performance, and at least two orders of magnitude better accuracy, resulting in substantial design challenges.
Keywords :
invasive software; local area networks; telecommunication security; automatic reactive defenses; hard-LAN; local area network; malcode authors; network IDS; network intrusion detection systems; network worms; perimeter-centric defenses; propagation speed; self-propagating network programs; Communication system control; Computer aided software engineering; Computer worms; Costs; Humans; Intrusion detection; Local area networks; Payloads; Robustness; Telecommunication traffic;
Conference_Titel :
High Performance Interconnects, 2004. Proceedings. 12th Annual IEEE Symposium on
Print_ISBN :
0-7803-8686-8
DOI :
10.1109/CONECT.2004.1375206
