Petrifying Worm Cultures: Scalable Detection and Immunization in Untrusted Environments

We present and evaluate the design of a new and comprehensive solution for automated worm detection and immunization. The system engages a peer-to-peer network of untrusted machines on the Internet to detect new worms and facilitate rapid preventative response. We evaluate the efficacy and scalability of the proposed system through large-scale simulations and assessments of a functional real-world prototype. We find that the system enjoys scalability in terms of network coverage, fault-tolerance, security, and maintainability. It proves effective against new worms, and supports collaboration among mutually mistrusting parties.