Automated Worm Fingerprinting

9 years 3 months ago
Automated Worm Fingerprinting
Network worms are a clear and growing threat to the security of today's Internet-connected hosts and networks. The combination of the Internet's unrestricted connectivity and widespread software homogeneity allows network pathogens to exploit tremendous parallelism in their propagation. In fact, modern worms can spread so quickly, and so widely, that no human-mediated reaction can hope to contain an outbreak. In this paper, we propose an automated approach for quickly detecting previously unknown worms and viruses based on two key behavioral characteristics ? a common exploit sequence together with a range of unique sources generating infections and destinations being targeted. More importantly, our approach ? called "content sifting" ? automatically generates precise signatures that can then be used to filter or moderate the spread of the worm elsewhere in the network. Using a combination of existing and novel algorithms we have developed a scalable content siftin...
Sumeet Singh, Cristian Estan, George Varghese, Ste
Added 03 Dec 2009
Updated 03 Dec 2009
Type Conference
Year 2004
Where OSDI
Authors Sumeet Singh, Cristian Estan, George Varghese, Stefan Savage
Comments (0)