Skip navigation

Empirical analysis of an improved countermeasure against computer network worms

Empirical analysis of an improved countermeasure against computer network worms

Shahzad, Khurram and Woodhead, Stephen (2015) Empirical analysis of an improved countermeasure against computer network worms. In: 6th International Conference on Computing, Communication and Networking Technologies. IEEE (Institute of Electrical and Electronics Engineers), Denton, USA.

[img] PDF (Publisher's PDF)
13969_WOODHEAD_Empirical_Analysis_Computer_Network_Worms_Jul_2015.pdf - Published Version
Restricted to Repository staff only

Download (977kB)

Abstract

Wormable system vulnerabilities continue to be identified and so fast spreading network worms continue to pose a threat to the security of networks, due to their high potential speed and their ability to self-replicate. The cost of a single worm outbreak has been estimated to be as high as US$ 2.6 billion. In this paper, we report the empirical analysis of distributed worm detection and prevention countermeasure Rate Limiting+Leap Ahead (RL+LA)by using a Pseudo-Slammer worm with characteristics of the real Slammer worm outbreak. RL+LA, is a distributed automated worm detection and containment scheme that is based on the correlation of Domain Name System (DNS) queries and the destination IP address of outgoing TCP SYN and UDP datagrams leaving the network boundary, while it also utilizes cooperation between different communicating scheme members using a custom protocol, which we term Friends. The results show a significant increase in time of infection of the Slammer worm, when the countermeasure scheme is invoked, although it cannot completely stop the propagation of the worm.

Item Type: Conference Proceedings
Title of Proceedings: 6th International Conference on Computing, Communication and Networking Technologies
Additional Information: 6th ICCCNT held on July 13 - 15, 2015, Denton, U.S.A
Uncontrolled Keywords: Malware, Countermeasure, Network worm, Slammer
Subjects: T Technology > TK Electrical engineering. Electronics Nuclear engineering
Faculty / School / Research Centre / Research Group: Faculty of Engineering & Science > Internet Security Research Laboratory
Related URLs:
Last Modified: 19 Oct 2016 08:31
URI: http://gala.gre.ac.uk/id/eprint/13969

Actions (login required)

View Item View Item

Downloads

Downloads per month over past year

View more statistics