A hybrid quarantine defense

We study the strengths, weaknesses, and potential synergies of two complementary worm quarantine defense strategies under various worm attack profiles. We observe their abilities to delay or suppress infection growth rates under two propagation techniques and three scan rates, and explore the potential synergies in combining these two complementary quarantine strategies. We compare the performance of the individual strategies against a hybrid combination strategy, and conclude that the hybrid strategy yields substantial performance improvements, beyond what either technique provides independently. This result offers potential new directions in hybrid quarantine defenses.
