Containment of fast scanning computer network worms

Ahmad, Muhammad and Woodhead, Stephen (2015) Containment of fast scanning computer network worms. Internet and Distributed Computing Systems. Lecture Notes on Computer Science, 9258. Springer International, pp. 235-247. ISBN 9783319232362 (doi:10.1007/978-3-319-23237-9_21)

PDF (Author's Accepted Manuscript)
13964_WOODHEAD_Containment_Fast_Scanning_Worms_2015.pdf - Accepted Version

Abstract

This paper presents a mechanism for detecting and containing fast scanning computer network worms. The countermeasure mechanism, termed NEDAC, uses a behavioural detection technique that observes the absence of DNS resolution in newly initiated outgoing connections. Upon detection of abnormal behaviour by a host, based on the absence of DNS resolution, the detection system then invokes a data link containment system to block traffic from the host. The concept has been demonstrated using a developed prototype and tested in a virtualised network environment. An empirical analysis of network worm propagation has been conducted based on the characteristics of reported contemporary vulnerabilities to test the capabilities of the countermeasure mechanism. The results show that the developed mechanism is sensitive in detecting and blocking fast scanning worm infection at an early stage.

Item Type: Book Section
Additional Information: Proceedings of the 8th International Conference, IDCS 2015, Windsor, UK, September 2-4, 2015.
Uncontrolled Keywords: Worm detection; malware; cyber defence; network security
Subjects: T Technology > TK Electrical engineering. Electronics Nuclear engineering
Faculty / Department / Research Group: Faculty of Engineering & Science
Faculty of Engineering & Science > Department of Engineering Science
Last Modified: 21 Apr 2017 10:50
Selected for GREAT 2016: GREAT a
Selected for GREAT 2017: None
Selected for GREAT 2018: None
URI: http://gala.gre.ac.uk/id/eprint/13964
