TY - GEN
T1 - Threshold smart walk for the containment of local worm outbreak
AU - Li, L.
AU - Liu, P.
AU - Kesidis, G.
N1 - Copyright 2012 Elsevier B.V., All rights reserved.
PY - 2008
Y1 - 2008
N2 - A worm-infected host scanning globally may not cause any new infection in its underlying local network before it is detected and quarantined by a worm detector using methods such as failed scan detection. But for a stealthier worm limiting its scan inside an enterprise network, the chance of a successful local outbreak increases substantively due to the more limited scan space. Though a number of worm scanner detection methods exist, including failed scan detection, honeypot, and dark port detection, a coordinated and cost-conscious defense against a local outbreak entails an accurate estimate of the worm virulence level. In this regard, we develop a maximum likelihood estimation algorithm to progressively estimate the size of the susceptible host population in the network so an appropriate containment threshold can be set to effectively stop the worm propagation while causing minimum service disruption to normal network users.
UR - http://www.scopus.com/inward/record.url?scp=67249090458&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=67249090458&partnerID=8YFLogxK
U2 - 10.1109/GLOCOM.2008.ECP.409
DO - 10.1109/GLOCOM.2008.ECP.409
M3 - Conference contribution
AN - SCOPUS:67249090458
SN - 9781424423248
T3 - GLOBECOM - IEEE Global Telecommunications Conference
SP - 2124
EP - 2128
BT - 2008 IEEE Global Telecommunications Conference, GLOBECOM 2008
T2 - 2008 IEEE Global Telecommunications Conference, GLOBECOM 2008
Y2 - 30 November 2008 through 4 December 2008
ER -