Title :
An implementation for a worm detection and mitigation system
Author :
Binsalleeh, H. ; Youssef, A.
Author_Institution :
Concordia Inst. for Inf. Syst. Eng., Concordia Univ., Montreal, QC
Abstract :
In this paper, we present an integrated system for the detection and mitigation of zero-day scanning and mass mailing worms. The detection engine of our system utilizes the domain name system (DNS) anomalies of the worm traffic, an idea that has been noted by several security researchers. Once a worm is detected, the firewall rules are automatically updated in order to isolate the infected host. An automatic alert is also sent to the user of the infected host. The system can be configured such that the user response to this alert is used to undo the firewall updates, which helps reduce the interruption of service resulting from false alarms. The developed system has been tested with real worms in a controlled network environment. The obtained experimental results confirm the soundness and effectiveness of the developed system.
Keywords :
Internet; authorisation; invasive software; telecommunication traffic; controlled network environment; domain name system; firewall rule; mass mailing worm; worm detection; worm mitigation; worm traffic; zero-day scanning worm; Automatic control; Computer worms; Domain Name System; Electronic mail; IP networks; Internet; Network servers; Peer to peer computing; Search engines; Web server;
Conference_Title :
Communications, 2008 24th Biennial Symposium on
Conference_Location :
Kingston, ON
Print_ISBN :
978-1-4244-1945-6
DOI :
10.1109/BSC.2008.4563204