Title :
NIS08-3: On the Effectiveness of Service Registration-Based Worm Defense
Author :
Kim, Jin-Ho ; Kim, Hyogon ; Bahk, Saewoong
Author_Institution :
Telecommun. R&D Center, Samsung Electron., Suwon
fDate :
Nov. 27 2006-Dec. 1 2006
Abstract :
Existing Internet worm research focuses either on worm detection inside an AS, or on prevention of Internet-wide worm epidemic. But of more practical concern is how to repel worm infiltration attempts at the AS boundary. In this paper, we analyze the efficacy of the general perimeter defense system operating on service registration information. When such system finds incoming packets targeting an unregistered service, it intercepts the packets and relays them to the signature generation module. While the signature is extracted, the system blocks the infiltration through blacklisting. Finally, upon the signature generation, content filtering based on the signature takes over, replacing blacklisting. Since the effectiveness of such systems depends on the type of worm, we analyze the effectiveness against the following practical worm types: random scanning TCP worms, random-start sequential scanning TCP worms, and UDP worms.
Keywords :
Internet; invasive software; Internet worm research; TCP worms; UDP worms; content filtering; general perimeter defense system; service registration information; signature generation module; worm defense; worm detection; worm infiltration; Computer science; Computer worms; Data mining; Filtering; Hard disks; Information analysis; Relays; Research and development; TCPIP; Web and internet services;
Conference_Titel :
Global Telecommunications Conference, 2006. GLOBECOM '06. IEEE
Conference_Location :
San Francisco, CA
Print_ISBN :
1-4244-0356-1
Electronic_ISBN :
1930-529X
DOI :
10.1109/GLOCOM.2006.304
