Skip navigation

A safeguard against fast self-propagating malware

A safeguard against fast self-propagating malware

Ahmad, Muhammad Aminu, Woodhead, Steve and Gan, Diane ORCID: 0000-0002-0920-7572 (2016) A safeguard against fast self-propagating malware. In: Proceedings of the 6th International Conference on Communication and Network Security (ICCNS '16). ACM, New York, pp. 65-69. ISBN 978-1-4503-4783-9 (doi:https://doi.org/10.1145/3017971.3017974)

Full text not available from this repository. (Request a copy)

Abstract

This paper presents a detection and containment mechanism for fast self-propagating network worm malware. The detection part of the mechanism uses two categories of network host activities to identify worm behaviour in a network. Upon an identified worm activity in a network, a data-link containment system is used to isolate the internal source of infection, and a network level containment system is used to block inbound worm datagrams. The mechanism has been demonstrated using a software prototype. A number of worm experiments have been conducted to evaluate the prototype. The empirical results show the effectiveness of the developed mechanism in containing fast network worm malware at an early stage with almost no false positives.

Item Type: Conference Proceedings
Title of Proceedings: Proceedings of the 6th International Conference on Communication and Network Security (ICCNS '16)
Additional Information: ICCNS '16 6th International Conference on Communication and Network Security was held from 26-29 November 2016, Singapore.
Uncontrolled Keywords: Cyber defence, Network worm, Worm containment, Malware
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Faculty / School / Research Centre / Research Group: Faculty of Engineering & Science
Faculty of Engineering & Science > School of Engineering (ENG)
Faculty of Engineering & Science > Internet Security Research Laboratory
Last Modified: 25 May 2017 15:25
URI: http://gala.gre.ac.uk/id/eprint/17088

Actions (login required)

View Item View Item