Throttling Viruses: Restricting propagation to defeat malicious mobile code
San Diego, California, December 09-December 13
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/CSAC.2002.1176279
18th Annual Computer Security Applica ...
Matthew M. Williamson, HP Labs Bristol
Modern computer viruses spread incredibly quickly, far faster than human-mediated responses. This greatly increases the damage that they cause. This paper presents an approach to restricting this high speed propagation automatically. The approach is based on the observation that during virus propagation, an infected machine will connect to as many different machines as fast as possible. An uninfected machine has a different behaviour: connections are made at a lower rate, and are locally correlated (repeat connections to recently accessed machines are likely).
This paper describes a simple technique to limit the rate of connections to "new" machines that is remarkably effective at both slowing and halting virus propagation without affecting normal traffic. Results of applying the filter to web browsing data are included. The paper concludes by suggesting an implementation and discussing the potential and limitations of this approach.
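A sketch of the kind of throttle the abstract describes, added here as an illustration and not taken from the paper: connections to recently contacted hosts pass immediately, while connections to "new" hosts are queued and released at a fixed rate. The working-set size, the one-release-per-tick rate, the class and function names, and both traces are assumptions constructed for this example.

```python
from collections import OrderedDict, deque

class ConnectionThrottle:
    # working_set_size and the one-release-per-tick rate are assumed values
    # for this sketch; the abstract does not give parameters.
    def __init__(self, working_set_size=4):
        self.recent = OrderedDict()   # recently contacted hosts, oldest first
        self.size = working_set_size
        self.delayed = deque()        # requests to "new" hosts awaiting release

    def _remember(self, host):
        self.recent[host] = True
        self.recent.move_to_end(host)
        while len(self.recent) > self.size:
            self.recent.popitem(last=False)   # evict least recently used

    def request(self, host):
        """Return True if the connection may proceed immediately."""
        if host in self.recent:
            self._remember(host)      # repeat contact, passes untouched
            return True
        self.delayed.append(host)     # new host: hold until a tick releases it
        return False

    def tick(self):
        """Once per time period: release at most one new host (or None)."""
        if not self.delayed:
            return None
        host = self.delayed.popleft()
        self._remember(host)
        # Queued duplicates for the same host go out with it.
        self.delayed = deque(h for h in self.delayed if h != host)
        return host

def simulate(trace, working_set_size=4):
    """trace: one list of destination hosts per tick.
    Returns (immediate, released, peak_backlog)."""
    t = ConnectionThrottle(working_set_size)
    immediate = released = peak = 0
    for hosts in trace:
        immediate += sum(t.request(h) for h in hosts)
        released += t.tick() is not None
        peak = max(peak, len(t.delayed))
    return immediate, released, peak

# Constructed traces: browsing revisits a few hosts; a scanner tries 20 new hosts per tick.
NORMAL = [["a"], ["a", "b"], ["a"], ["b", "a"], ["c"], ["a", "c"], ["b"], ["a"]]
SCAN = [[f"10.0.{t}.{i}" for i in range(20)] for t in range(8)]
```

On the constructed browsing trace no request waits longer than one tick, while on the scan trace only one new host per tick gets out and the backlog grows steadily, which also makes the queue length a usable alarm signal.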
Citation:
Matthew M. Williamson, "Throttling Viruses: Restricting propagation to defeat malicious mobile code," acsac, pp.61, 18th Annual Computer Security Applications Conference (ACSAC '02), 2002