Title :
Endpoint-Driven Intrusion Detection and Containment of Fast Spreading Worms in Enterprise Networks
Author :
Akujobi, Frank ; Lambadaris, Ioannis ; Kranakis, Evangelos
Author_Institution :
Department of Systems and Computer Engineering, Carleton University, 1125 Colonel By Dr., Ottawa, ON K1S 5B6, Canada. fakujobi@sce.carleton.ca
Abstract :
Fast spreading network worms have become one of the most service-impacting threats in enterprise and ISP networks. We identify core requirements for effective detection and containment of such worms and propose a technique that uses a combination of distributed anomaly-based host intrusion detection and statistical analysis of network heuristics to detect malicious worm activity. Our proposal employs an automated collaborative network-centric worm containment approach. We experiment on a live test-bed with fast spreading worms and evaluate the effectiveness of our method in detecting and containing such worms. We also evaluate the system's performance when malicious worm traffic blends with benign network scanning traffic.
Keywords :
Acquired immune deficiency syndrome; Collaboration; Collaborative work; Computer networks; Computer worms; Intelligent networks; Intrusion detection; Protection; Systems engineering and theory; Telecommunication traffic; Anomaly-based host intrusion detection; False negatives; False positives; Fast spreading worms;
Conference_Titel :
Military Communications Conference, 2007. MILCOM 2007. IEEE
Conference_Location :
Orlando, FL, USA
Print_ISBN :
978-1-4244-1513-7
Electronic_ISBN :
978-1-4244-1513-7
DOI :
10.1109/MILCOM.2007.4455204