Title :
Cooperation system of worm detection and quarantine in real time
Author :
Chen, Yufeng ; Xiang, Zhengtao ; Dong, Yabo ; Lu, Dongming
Author_Institution :
Coll. of Comput. Sci. & Technol., Zhejiang Univ., Hangzhou
Abstract :
Worms not only infect vulnerable hosts, but also occupy a large amount of network bandwidth, which seriously affects the normal operation of the network. To achieve worm detection and automatic quarantine in real time, a cooperation system of worm detection and quarantine is designed and implemented. The worm detection subsystem is implemented based on Bro and can detect worms in real time with our algorithm, which is based on the failure probability of FCC and on the heavy-tailed property. The worm quarantine subsystem can quarantine worm hosts automatically with ARP spoofing. The cooperation between the detection subsystem, the quarantine subsystem and the manager is achieved based on the SNMP protocol. The system can be deployed easily with little effect on the LAN. Experimental results show that the system can detect and quarantine worm hosts effectively.
Keywords :
computer network management; invasive software; protocols; real-time systems; ARP-spoofing; SNMP protocol; automatic quarantine; cooperation system; real time system; vulnerable hosts; worm detection; worm quarantine; Bandwidth; Computer science; Computer worms; Educational institutions; Filtering; Fingerprint recognition; Intrusion detection; Low pass filters; Operating systems; Real time systems; ARP spoofing; SNMP; cooperation; worm detection; worm quarantine;
Conference_Titel :
Automation and Logistics, 2008. ICAL 2008. IEEE International Conference on
Conference_Location :
Qingdao
Print_ISBN :
978-1-4244-2502-0
Electronic_ISBN :
978-1-4244-2503-7
DOI :
10.1109/ICAL.2008.4636301