Sciweavers

ANCS
2006
ACM

WormTerminator: an effective containment of unknown and polymorphic fast spreading worms

The fast spreading worm is becoming one of the most serious threats to today’s networked information systems. A fast spreading worm could infect hundreds of thousands of hosts within a few minutes. In order to stop a fast spreading worm, we need the capability to detect and contain worms automatically in real-time. While signature based worm detection and containment are effective in detecting and containing known worms, they are inherently ineffective against previously unknown worms and polymorphic worms. Existing traffic anomaly pattern based approaches have the potential to detect and/or contain previously unknown and polymorphic worms, but they either impose too much constraint on normal traffic or allow too much infectious worm traffic to go out to the Internet before an unknown or polymorphic worm can be detected. In this paper, we present WormTerminator, which can detect and completely contain, at least in theory, almost all fast spreading worms in real-time while blocking...
Songqing Chen, Xinyuan Wang, Lei Liu, Xinwen Zhang
Added: 13 Jun 2010
Updated: 13 Jun 2010
Type: Conference
Year: 2006
Where: ANCS
Authors: Songqing Chen, Xinyuan Wang, Lei Liu, Xinwen Zhang