Empirical analysis of rate limiting + leap ahead (RL+LA) countermeasure against Witty worm
Shahzad, Khurram and Woodhead, Stephen (2015) Empirical analysis of rate limiting + leap ahead (RL+LA) countermeasure against Witty worm. In: 13th IEEE International Conference on Dependable, Autonomic and Secure Computing. IEEE, Liverpool, UK, pp. 2055-2061. ISBN 9781509001545 (doi:https://doi.org/10.1109/CIT/IUCC/DASC/PICOM.2015.266)
Abstract
Wormable system vulnerabilities continue to be identified, and so fast-spreading network worms continue to pose a threat to the Internet infrastructure due to their increased virulence, speed and sophistication in successive Internet-wide outbreaks. The cost of a single worm outbreak has been estimated to be as high as US $2.6 billion. In this paper, we report the empirical analysis of the distributed worm detection and prevention countermeasure Rate Limiting + Leap Ahead (RL+LA) using a Pseudo-Witty worm with the real outbreak characteristics of the Witty worm. RL+LA is a distributed automated worm detection and containment scheme that is based on the correlation of Domain Name System (DNS) queries and the destination IP address of outgoing TCP SYN and UDP datagrams leaving the network boundary, while it also utilizes cooperation between different communicating scheme members using a custom protocol, which we term Friends. The results show a significant increase in the time of infection of the Witty worm when the countermeasure scheme is invoked, although it cannot completely stop the propagation of the worm.
Item Type: | Conference Proceedings |
---|---|
Title of Proceedings: | 13th IEEE International Conference on Dependable, Autonomic and Secure Computing |
Additional Information: | Proceedings of the 13th IEEE International Conference on Dependable, Autonomic and Secure Computing (DASC-2015), 26-28 October, Liverpool, UK. |
Uncontrolled Keywords: | Worms; Witty; malware; rate limiting; countermeasure |
Subjects: | T Technology > TK Electrical engineering. Electronics Nuclear engineering |
Faculty / School / Research Centre / Research Group: | Faculty of Engineering & Science; Faculty of Engineering & Science > School of Engineering (ENG) |
Last Modified: | 29 May 2019 13:07 |
URI: | http://gala.gre.ac.uk/id/eprint/13970 |