Verme: Worm containment in overlay networks

9 years 3 months ago
Verme: Worm containment in overlay networks
Topological worms, such as those that propagate by following links in an overlay network, have the potential to spread faster than traditional random scanning worms because they have knowledge of a subset of the overlay nodes, and choose these nodes to propagate themselves; and also because they can avoid traditional detection mechanisms. Furthermore, this worm propagation strategy is likely to become prevalent as the deployment of networks with a sparse address space, such as IPv6, makes the traditional random scanning strategy futile. We present a novel approach for containing topological worms based on the fact that some overlay nodes may not have common vulnerabilities, due to their platform diversity. By properly reorganizing the overlay graph, this can lead to the containment of topological worms in small islands of nodes with common vulnerabilities that only have knowledge of themselves or nodes running on distinct platforms. We also present the design of Verme, a peer-to-peer ...
Filipe Freitas, Edgar Marques, Rodrigo Rodrigues,
Added 20 May 2010
Updated 20 May 2010
Type Conference
Year 2009
Where DSN
Authors Filipe Freitas, Edgar Marques, Rodrigo Rodrigues, Carlos Ribeiro, Paulo Ferreira, Luís Rodrigues
Comments (0)