A Multi-Resolution Approach forWorm Detection and Containment

Philadelphia, Pennsylvania June 25-June 28

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/DSN.2006.6

International Conference on Dependabl ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Vyas Sekar Articles by Yinglian Xie Articles by Michael K. Reiter Articles by Hui Zhang

	ASCII Text	x
	Vyas Sekar, Yinglian Xie, Michael K. Reiter, Hui Zhang, "A Multi-Resolution Approach forWorm Detection and Containment," Dependable Systems and Networks, International Conference on, pp. 189-198, International Conference on Dependable Systems and Networks (DSN'06), 2006.

	BibTex	x
	@article{ 10.1109/DSN.2006.6, author = {Vyas Sekar and Yinglian Xie and Michael K. Reiter and Hui Zhang}, title = {A Multi-Resolution Approach forWorm Detection and Containment}, journal ={Dependable Systems and Networks, International Conference on}, volume = {0}, year = {2006}, isbn = {0-7695-2607-1}, pages = {189-198}, doi = {http://doi.ieeecomputersociety.org/10.1109/DSN.2006.6}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Dependable Systems and Networks, International Conference on TI - A Multi-Resolution Approach forWorm Detection and Containment SN - 0-7695-2607-1 SP189 EP198 A1 - Vyas Sekar, A1 - Yinglian Xie, A1 - Michael K. Reiter, A1 - Hui Zhang, PY - 2006 KW - null VL - 0 JA - Dependable Systems and Networks, International Conference on ER -

Vyas Sekar, Carnegie Mellon University

Yinglian Xie, Carnegie Mellon University

Michael K. Reiter, Carnegie Mellon University

Hui Zhang, Carnegie Mellon University

Despite the proliferation of detection and containment techniques in the worm defense literature, simple threshold-based methods remain the most widely deployed and most popular approach among practitioners. This popularity arises out of the simplistic appeal, ease of use, and independence from attack-specific properties such as scanning strategies and signatures. However, such approaches have known limitations: they either fail to detect low-rate attacks or incur very high false positive rates. We propose a multi-resolution approach to enhance the power of threshold-based detection and rate-limiting techniques. Using such an approach we can not only detect fast attacks with low latency, but also discover low-rate attacks - several orders of magnitude less aggressive than today?s fast propagating attacks with low false positive rates. We also outline a multi-resolution rate limiting mechanism for throttling the number of new connections a host can make, to contain the spread of worms. Our trace analysis and simulation experiments demonstrate the benefits of a multiresolution approach for worm defense.

Citation:

Vyas Sekar, Yinglian Xie, Michael K. Reiter, Hui Zhang, "A Multi-Resolution Approach forWorm Detection and Containment," dsn, pp.189-198, International Conference on Dependable Systems and Networks (DSN'06), 2006

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.