Title :
Threshold Smart Walk for the Containment of Local Worm Outbreak
Author :
Li, L. ; Liu, P. ; Kesidis, G.
Author_Institution :
Comput. Sci. & Eng. Dept, Pennsylvania State Univ., University Park, PA
Abstract :
A worm-infected host scanning globally may not cause any new infection in its underlying local network before it is detected and quarantined by a worm detector using methods such as failed scan detection. But for a stealthier worm limiting its scan inside an enterprise network, the chance of a successful local outbreak increases substantively due to the more limited scan space. Though a number of worm scanner detection methods exist including failed scan detection, honeypot, and dark port detection, a coordinated and cost-conscious defense against a local outbreak entails an accurate estimate of worm virulence level. In this regard, we develop a maximum likelihood estimation algorithm to progressively estimate the size of susceptible host population in the network so an appropriate containment threshold can be set to effectively stop the worm propagation while causing minimum service disruption to normal network users.
Keywords :
computer networks; invasive software; maximum likelihood estimation; telecommunication security; dark port detection; enterprise network; failed scan detection; honeypot detection; local worm outbreak; maximum likelihood estimation; threshold smart walk; worm-infected host scanning; Computer science; Computer worms; Condition monitoring; Decision making; Detectors; Educational institutions; Maximum likelihood estimation; Proposals; Testing; Traffic control;
Conference_Titel :
Global Telecommunications Conference, 2008. IEEE GLOBECOM 2008. IEEE
Conference_Location :
New Orleans, LO
Print_ISBN :
978-1-4244-2324-8
DOI :
10.1109/GLOCOM.2008.ECP.409
