Containment of fast scanning computer network worms
Ahmad, Muhammad and Woodhead, Stephen (2015) Containment of fast scanning computer network worms. Internet and Distributed Computing Systems. Lecture Notes on Computer Science, 9258. Springer International, pp. 235-247. ISBN 9783319232362 (doi:https://doi.org/10.1007/978-3-319-23237-9_21)
Abstract
This paper presents a mechanism for detecting and containing fast scanning computer network worms. The countermeasure mechanism, termed NEDAC, uses a behavioural detection technique that observes the absence of DNS resolution in newly initiated outgoing connections. Upon detection of abnormal behaviour by a host, based on the absence of DNS resolution, the detection system then invokes a data link containment system to block traffic from the host. The concept has been demonstrated using a developed prototype and tested in a virtualised network environment. An empirical analysis of network worm propagation has been conducted based on the characteristics of reported contemporary vulnerabilities to test the capabilities of the countermeasure mechanism. The results show that the developed mechanism is sensitive in detecting and blocking fast scanning worm infection at an early stage.
Item Type: | Book Section |
---|---|
Additional Information: | Proceedings of the 8th International Conference, IDCS 2015, Windsor, UK, September 2-4, 2015. |
Uncontrolled Keywords: | Worm detection; malware; cyber defence; network security |
Subjects: | T Technology > TK Electrical engineering. Electronics. Nuclear engineering |
Faculty / School / Research Centre / Research Group: | Faculty of Engineering & Science; Faculty of Engineering & Science > School of Engineering (ENG) |
Last Modified: | 21 Apr 2017 10:50 |
URI: | http://gala.gre.ac.uk/id/eprint/13964 |