DocumentCode
2762318
Title
A monitoring system for mitigating fast propagating worms in the network infrastructure
Author
Martin, Miguel Vargas
Author_Institution
Inst. of Technol., Univ. of Ontario, Oshawa, Ont.
fYear
2005
fDate
1-4 May 2005
Firstpage
1427
Lastpage
1430
Abstract
Typically, intrusion detection systems deal with detection and response to a computer worm itself, but not with the collateral damage caused by the worm's propagation. We present a monitoring system that classifies outbound packets within a router. This classification scheme results in a dynamic bandwidth share for packets where those that repeat disruptively are put into busy queues, whereas the rest are put into emptier queues. One of the major advantages of this approach is that the diagnosis of worm activity is less relevant since any disruptive traffic (worm or otherwise) will get limited bandwidth, consequently throttling some polymorphic worms, encrypted worms, denial-of-service (DoS) and distributed DoS attacks, abusive use of network services, and congestion due to flash crowds. There are some limitations to this system, all of which are acceptable in many applications.
Keywords
cryptography; invasive software; telecommunication network routing; telecommunication traffic; collateral damage; denial-of-service; disruptive traffic; dynamic bandwidth; encrypted worms; fast propagating worms; intrusion detection systems; monitoring system; network infrastructure; polymorphic worms; Bandwidth; Computer crime; Computer worms; Cryptography; Intelligent networks; Intrusion detection; Linux; Stability; Telecommunication traffic; Traffic control;
fLanguage
English
Publisher
ieee
Conference_Titel
Electrical and Computer Engineering, 2005. Canadian Conference on
Conference_Location
Saskatoon, Sask.
ISSN
0840-7789
Print_ISBN
0-7803-8885-2
Type
conf
DOI
10.1109/CCECE.2005.1557246
Filename
1557246