Title :
Feedback-basedWorm Containment
Author :
Dwivedi, Sanjeev
Author_Institution :
Georgia Inst. of Technol., Atlanta, GA
Abstract :
Most worm containment measures operate in two modes based on a threshold. Below the threshold, the containment measure assumes all traffic to be benign, whereas above it all anomalous traffic is considered to be malicious. We argue that such measures can lead to considerable damage before a response is triggered. Thus, we need measures that operate in a conservative manner from the time a worm is suspected until confirmation. We argue that such a measure will need to be feedback based. To design such a feedback measure, we first model worm propagation across a network connected to the Internet. Using this model we mathematically derive the conditions necessary to contain the spread of a worm in this network within certain bounds. Then we propose a feedback based algorithm that incorporates these conditions. Through simulation based study we validate the algorithm
Keywords :
Internet; invasive software; telecommunication traffic; Internet; anomalous traffic; feedback-based worm containment; worm propagation; Alarm systems; Computational modeling; Feedback; Humans; IP networks; Internet; Mathematical model; Protection; Telecommunication traffic; Time measurement;
Conference_Titel :
Advanced Information Networking and Applications, 2006. AINA 2006. 20th International Conference on
Conference_Location :
Vienna
Print_ISBN :
0-7695-2466-4
DOI :
10.1109/AINA.2006.178
