• Title/Summary/Keyword: Worm containment

Search Result 2, Processing Time 0.015 seconds

A Macroscopic Framework for Internet Worm Containments (인터넷 웜 확산 억제를 위한 거시적 관점의 프레임워크)

  • Kim, Chol-Min;Kang, Suk-In;Lee, Seong-Uck;Hong, Man-Pyo
    • Journal of KIISE:Computing Practices and Letters
    • /
    • v.15 no.9
    • /
    • pp.675-684
    • /
    • 2009
  • Internet worm can cause a traffic problem through DDoS(Distributed Denial of Services) or other kind of attacks. In those manners, it can compromise the internet infrastructure. In addition to this, it can intrude to important server and expose personal information to attacker. However, current detection and response mechanisms to worm have many vulnerabilities, because they only use local characteristic of worm or can treat known worms. In this paper, we propose a new framework to detect unknown worms. It uses macroscopic characteristic of worm to detect unknown worm early. In proposed idea, we define the macroscopic behavior of worm, propose a worm detection method to detect worm flow directly in IP packet networks, and show the performance of our system with simulations. In IP based method, we implement the proposed system and measure the time overhead to execute our system. The measurement shows our system is not too heavy to normal host users.

Worm Detection and Containment using Earlybird and Snort on Deterlab (Deterlab 환경에서 Earlybird를 이용한 웜 탐지와 Snort 연동을 통한 웜 확산 차단)

  • Lee, Hyeong-Yun;Hwang, Seong-Oun;An, Beongku
    • The Journal of the Institute of Internet, Broadcasting and Communication
    • /
    • v.13 no.1
    • /
    • pp.71-76
    • /
    • 2013
  • A computer worm is a standalone malware computer program that probes and exploits vulnerabilities of systems. It replicates and spreads itself to other computers via networks. In this paper, we study how to detect and prevent worms. First, we generated Codered II traffic on the emulated testbed called Deterlab. Then we identified dubious parts using Earlybird and wrote down Snort rules using Wireshark. Finally, by applying the Snort rules to the traffic, we could confirmed that worm detection was successfully done.