Empirical analysis of rate limiting + leap ahead (RL+LA) countermeasure against Witty worm

Shahzad, Khurram and Woodhead, Stephen (2015) Empirical analysis of rate limiting + leap ahead (RL+LA) countermeasure against Witty worm. In: 13th IEEE International Conference on Dependable, Autonomic and Secure Computing. IEEE, Liverpool, UK, pp. 2055-2061. ISBN 9781509001545 (doi:https://doi.org/10.1109/CIT/IUCC/DASC/PICOM.2015.266)

Abstract

Wormable system vulnerabilities continue to be identified, and so fast-spreading network worms continue to pose a threat to the Internet infrastructure due to their increased virulence, speed and sophistication in successive Internet-wide outbreaks. The cost of a single worm outbreak has been estimated to be as high as US $2.6 billion. In this paper, we report the empirical analysis of the distributed worm detection and prevention countermeasure Rate Limiting + Leap Ahead (RL+LA), using a Pseudo-Witty worm with the real outbreak characteristics of the Witty worm. RL+LA is a distributed automated worm detection and containment scheme that is based on the correlation of Domain Name System (DNS) queries and the destination IP address of outgoing TCP SYN and UDP datagrams leaving the network boundary, while it also utilizes cooperation between different communicating scheme members using a custom protocol, which we term Friends. The results show a significant increase in the time of infection of the Witty worm when the countermeasure scheme is invoked, although it cannot completely stop the propagation of the worm.

Item Type: Conference Proceedings
Title of Proceedings: 13th IEEE International Conference on Dependable, Autonomic and Secure Computing
Additional Information: Proceedings of the 13th IEEE International Conference on Dependable, Autonomic and Secure Computing (DASC-2015), 26-28 October, Liverpool, UK.
Uncontrolled Keywords: Worms; Witty; malware; rate limiting; countermeasure
Subjects: T Technology > TK Electrical engineering. Electronics. Nuclear engineering
Faculty / School / Research Centre / Research Group: Faculty of Engineering & Science
Faculty of Engineering & Science > School of Engineering (ENG)
Last Modified: 29 May 2019 13:07
URI: http://gala.gre.ac.uk/id/eprint/13970
