DocumentCode :
2762318
Title :
A monitoring system for mitigating fast propagating worms in the network infrastructure
Author :
Martin, Miguel Vargas
Author_Institution :
Inst. of Technol., Univ. of Ontario, Oshawa, Ont.
fYear :
2005
fDate :
1-4 May 2005
Firstpage :
1427
Lastpage :
1430
Abstract :
Typically, intrusion detection systems deal with detection and response to a computer worm itself, but not with the collateral damage caused by the worm's propagation. We present a monitoring system that classifies outbound packets within a router. This classification scheme results in a dynamic bandwidth share for packets where those that repeat disruptively are put into busy queues, whereas the rest are put into emptier queues. One of the major advantages of this approach is that the diagnosis of worm activity is less relevant since any disruptive traffic (worm or otherwise) will get limited bandwidth, consequently throttling some polymorphic worms, encrypted worms, denial-of-service (DoS) and distributed DoS attacks, abusive use of network services, and congestion due to flash crowds. There are some limitations to this system, all of which are acceptable in many applications.
Keywords :
cryptography; invasive software; telecommunication network routing; telecommunication traffic; collateral damage; denial-of-service; disruptive traffic; dynamic bandwidth; encrypted worms; fast propagating worms; intrusion detection systems; monitoring system; network infrastructure; polymorphic worms; Bandwidth; Computer crime; Computer worms; Cryptography; Intelligent networks; Intrusion detection; Linux; Stability; Telecommunication traffic; Traffic control;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Electrical and Computer Engineering, 2005. Canadian Conference on
Conference_Location :
Saskatoon, Sask.
ISSN :
0840-7789
Print_ISBN :
0-7803-8885-2
Type :
conf
DOI :
10.1109/CCECE.2005.1557246
Filename :
1557246
Link To Document :