Title :
Throttling viruses: restricting propagation to defeat malicious mobile code
Author :
Williamson, Matthew M.
Author_Institution :
HP Labs Bristol, Stoke Gifford, UK
Abstract :
Modern computer viruses spread incredibly quickly, far faster than human-mediated responses. This greatly increases the damage that they cause. This paper presents an approach to restricting this high speed propagation automatically. The approach is based on the observation that during virus propagation, an infected machine will connect to as many different machines as fast as possible. An uninfected machine has a different behaviour: connections are made at a lower rate, and are locally correlated (repeat connections to recently accessed machines are likely). This paper describes a simple technique to limit the rate of connections to "new" machines that is remarkably effective at both slowing and halting virus propagation without affecting normal traffic. Results of applying the filter to Web browsing data are included. The paper concludes by suggesting an implementation and discussing the potential and limitations of this approach.
Keywords :
Internet; computer viruses; distributed programming; Web browsing data; computer viruses; high speed virus propagation; human-mediated responses; malicious mobile code; Automatic control; Computer viruses; Delay; Humans; Impedance; Information filtering; Information filters; Security; Telecommunication traffic; Viruses (medical);
Conference_Titel :
Computer Security Applications Conference, 2002. Proceedings. 18th Annual
Print_ISBN :
0-7695-1828-1
DOI :
10.1109/CSAC.2002.1176279
