Title :
Framework for Integrated Proactive Network Worm Detection and Response
Author_Institution :
Comput. Security Res. Group, St.Petersburg Inst. for Inf. & Autom., St. Petersburg
Abstract :
The paper considers an integrated proactive framework for defense against spreading network worms in the Internet. The framework is intended for network worm detection (by recognizing the actions on scanning of network hosts) and containment of worm spreading (by limiting and blocking the packets transmitted by infected hosts). The framework is based on application of different heuristic detection and response mechanisms, their combination and automatic dynamic adaptation according to current network conditions. The paper describes the software system for simulation and evaluation of defense mechanisms investigated against spreading network worms and the results of experiments on detection and containment of network worms.
Keywords :
Internet; invasive software; Internet; automatic dynamic adaptation; heuristic detection; integrated proactive framework; network security; network worm detection; software system; Automation; Computer security; Computer worms; Electronic mail; Event detection; Informatics; Network servers; Protection; Telecommunication traffic; Tree graphs; adaptation; network security; network worms; simulation; worm detection and containment;
Conference_Titel :
Parallel, Distributed and Network-based Processing, 2009 17th Euromicro International Conference on
Conference_Location :
Weimar
Print_ISBN :
978-0-7695-3544-9
DOI :
10.1109/PDP.2009.52
