Containment of fast scanning computer network worms
Ahmad, Muhammad and Woodhead, Stephen (2015) Containment of fast scanning computer network worms. Internet and Distributed Computing Systems. Lecture Notes on Computer Science, 9258 . Springer International, pp. 235-247. ISBN 9783319232362 (doi:10.1007/978-3-319-23237-9_21)
Preview |
PDF (Author's Accepted Manuscript)
13964_WOODHEAD_Containment_Fast_Scanning_Worms_2015.pdf - Accepted Version Download (735kB) |
Abstract
This paper presents a mechanism for detecting and containing fast scanning computer network worms. The countermeasure mechanism, termed NEDAC, uses a behavioural detection technique that observes the absence of DNS resolution in newly initiated outgoing connections. Upon detection of abnormal behaviour by a host, based on the absence of DNS resolution, the detection system then invokes a data link containment system to block traffic from the host. The concept has been demonstrated using a developed prototype and tested in a virtualised network environment. An empirical analysis of network worm propagation has been conducted based on the characteristics of reported contemporary vulnerabilities to test the capabilities of the countermeasure mechanism. The results show that the developed mechanism is sensitive in detecting and blocking fast scanning worm infection at an early stage.
Item Type: | Book Section |
---|---|
Additional Information: | Proceedings of the 8th International Conference, IDCS 2015, Windsor, UK, September 2-4, 2015. |
Uncontrolled Keywords: | Worm detection; malware; cyber defence; network security |
Subjects: | T Technology > TK Electrical engineering. Electronics Nuclear engineering |
Faculty / School / Research Centre / Research Group: | Faculty of Engineering & Science Faculty of Engineering & Science > School of Engineering (ENG) |
Related URLs: | |
Last Modified: | 21 Apr 2017 10:50 |
URI: | http://gala.gre.ac.uk/id/eprint/13964 |
Actions (login required)
View Item |
Downloads
Downloads per month over past year