Early containment of worms using dummy addresses and connection trace back

Taro Inaba, Nobutaka Kawaguchi, Shinya Tahara, Hiroshi Shigeno, Ken Ichi Okada

Research output: Conference contribution

1 Citation (Scopus)

Abstract

Most existing network worms have used address scanning to find vulnerable hosts. Recently, however, worms with more effective propagation strategies have emerged. Among these, we focus on worms that exploit address lists obtained from infected hosts to find other vulnerable hosts effectively. In this paper, we propose a method to detect and contain such worms that try to infect all hosts in an enterprise network. In our method, a detection system inserts some dummy addresses into the address lists of hosts in the network. The system then detects the existence of worms when a host tries to open a connection to a dummy address, traces back the connection logs to find potentially infected hosts, and removes them from the network. Computer simulation results showed that our method detected and contained worms with less than 1% infected hosts and less than 5% removed hosts.
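The detect-then-trace-back step described in the abstract, as an added example that is not the paper's algorithm or code: the log format, the addresses, the fixed look-back window and the single-pass tracing rule are all assumptions made here for illustration.

```python
from collections import deque

# Constructed sample data (not from the paper): decoy addresses seeded into
# hosts' address lists, and a connection log of (time_s, source, destination).
DUMMY_ADDRESSES = {"10.0.9.250", "10.0.9.251"}
CONNECTION_LOG = [
    (20,  "10.0.0.7", "10.0.0.1"),    # too old to fall inside the default window
    (100, "10.0.0.1", "10.0.0.2"),
    (130, "10.0.0.2", "10.0.0.3"),
    (135, "10.0.0.4", "10.0.0.5"),    # unrelated traffic
    (160, "10.0.0.3", "10.0.9.250"),  # a decoy is contacted: alarm
    (170, "10.0.0.6", "10.0.0.3"),    # after the alarm, cannot be the infector
]


def trace_back(log, dummies, window=60):
    """Return {host: time by which the host is suspected to be infected}.

    Assumed rule: a host that contacts a dummy address is infected by that
    time; any host that connected to a suspect within `window` seconds before
    the suspect's time is a potential infector and becomes a suspect itself.
    """
    inbound = {}                      # destination -> [(time, source), ...]
    for ts, src, dst in log:
        inbound.setdefault(dst, []).append((ts, src))

    suspects, queue = {}, deque()
    for ts, src, dst in sorted(log):  # detection: first touch of a decoy
        if dst in dummies and src not in suspects:
            suspects[src] = ts
            queue.append(src)

    while queue:                      # trace back through earlier connections
        host = queue.popleft()
        deadline = suspects[host]
        for ts, src in inbound.get(host, []):
            if deadline - window <= ts <= deadline and src not in suspects:
                suspects[src] = ts
                queue.append(src)
    return suspects


if __name__ == "__main__":
    for host, ts in sorted(trace_back(CONNECTION_LOG, DUMMY_ADDRESSES).items()):
        print(f"quarantine {host} (suspected by t={ts}s)")
```

A wider window pulls more hosts into quarantine, which is the trade-off between infected and removed hosts that the abstract's simulation figures measure.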

Original language: English
Title of host publication: The 13th International Conference on Parallel and Distributed Systems, ICPADS
DOI
Publication status: Published - 2007-12-01
Event: 13th International Conference on Parallel and Distributed Systems, ICPADS - Hsinchu, Taiwan, Province of China
Duration: 2007-12-05 to 2007-12-07

Publication series

Name: Proceedings of the International Conference on Parallel and Distributed Systems - ICPADS
1
ISSN (Print): 1521-9097

Other

Other: 13th International Conference on Parallel and Distributed Systems, ICPADS
Country: Taiwan, Province of China
City: Hsinchu
Period: 07/12/5 to 07/12/7

ASJC Scopus subject areas

  • Hardware and Architecture
