Skip navigation

An investigation of network countermeasure against fast self-propagating malware

An investigation of network countermeasure against fast self-propagating malware

Ahmad, Muhammad Aminu (2017) An investigation of network countermeasure against fast self-propagating malware. PhD thesis, University of Greenwich.

[img]
Preview
PDF
Muhammad Aminu Ahmad 2017 - secured.pdf - Published Version
Available under License Creative Commons Attribution Non-commercial No Derivatives.

Download (4MB) | Preview

Abstract

A self-propagating malware is a malicious software program that spreads itself across the Internet by exploiting flaws in software systems and therefore capable of launching attack against vulnerable Internet hosts. Fast self-propagating malware poses a security threat to hosts that are connected to the Internet because the speed of their propagation is very high and causes disruption of services across the Internet. Thus it becomes crucial to effectively detect and contain the propagation of fast self-propagating malware on the Internet.

This thesis presents a mechanism for the detection and containment of fast self-propagating
malware. The thesis initially presents an overview of self-propagating malware and the need for a solution to counter the propagation of this class of malware. The thesis also presents a comprehensive literature survey to identify research gaps and limitations of previously reported worm detection and containment systems. Based on the identified limitations and shortcomings, an improved detection and containment scheme has been developed to counter the spread of fast self-propagating malware. The developed scheme, termed NEDAC, uses a cross-layer architecture to provide a combined countermeasure solution against fast self-propagating malware, i.e., a detection
technique at network layer and a containment technique at data link layer. Furthermore, an improved testing environment, termed V-Network, has been developed for high fidelity malware experimentation and testing of countermeasure systems. An evaluation framework has been developed and used to test the NEDAC scheme along with other previously reported countermeasure systems using known and contemporary self-propagating malware. The NEDAC scheme demonstrated a better performance than the previously reported countermeasure systems.

Item Type: Thesis (PhD)
Uncontrolled Keywords: Worm vulnerabilities; network worms; worm containment; worm detection; malware; cyber defence; network security;
Subjects: Q Science > QA Mathematics
Faculty / School / Research Centre / Research Group: Faculty of Engineering & Science
Faculty of Engineering & Science > School of Engineering (ENG)
Last Modified: 12 Apr 2019 14:24
URI: http://gala.gre.ac.uk/id/eprint/23578

Actions (login required)

View Item View Item

Downloads

Downloads per month over past year

View more statistics