Abstract
This paper proposes a technique to improve the performance of the virus throttling algorithm, an early detection technique for worms. The proposed modified throttling algorithm can speed up detection of worm spread and lower the likelihood of a false alarm on bursts of legitimate connection requests. Based on the observation that normal connection requests passing through a network show strong locality in their destination IP addresses, the proposed algorithm counts the number of connection requests with distinct destinations, rather than relying on the simple length of the delay queue as in the typical throttling algorithm. Moreover, the proposed algorithm uses the trend of the weighted average queue length to reduce worm detection time. The performance is verified empirically in various aspects.
This research was supported by research funds from National Research Lab program, Korea, and Chosun University, 2005.
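The two modifications described in the abstract, as an added illustrative example that is not the paper's own code or data: a Williamson-style host throttle (a working set of recently contacted destinations plus a delay queue released at one request per tick) in which the alarm is driven by the number of distinct destinations waiting in the delay queue and by the tick-to-tick change of an exponentially weighted moving average of that count, compared against the plain queue-length rule. All parameter values, the three constructed traffic traces, and the class and function names are assumptions made for this demonstration.

```python
from collections import deque

# Constructed, illustrative model of a host-level virus throttle. The working
# set, delay queue and one-release-per-tick rate follow Williamson's original
# design; the "distinct" mode adds the abstract's two ideas. Thresholds and
# the EWMA weight are assumptions chosen for the demonstration, not the paper's.


class Throttle:
    def __init__(self, working_set_size=5, length_threshold=100,
                 distinct_threshold=20, ewma_alpha=0.5, trend_threshold=3.0,
                 mode="distinct"):
        self.working_set = deque(maxlen=working_set_size)  # recently contacted hosts
        self.delay_queue = deque()                         # pending new-destination requests
        self.mode = mode                                   # "length" or "distinct"
        self.length_threshold = length_threshold
        self.distinct_threshold = distinct_threshold
        self.alpha = ewma_alpha
        self.trend_threshold = trend_threshold
        self.ewma = 0.0                                    # weighted average of distinct count

    def request(self, dest):
        """Admit a connection request: recently seen destinations pass, new ones wait."""
        if dest in self.working_set:
            return True
        self.delay_queue.append(dest)
        return False

    def tick(self):
        """Release one queued request, then evaluate the alarm rule for this tick."""
        if self.delay_queue:
            dest = self.delay_queue.popleft()
            if dest not in self.working_set:
                self.working_set.append(dest)
        if self.mode == "length":
            # Classic rule: alarm on the raw backlog, regardless of where it is going.
            return len(self.delay_queue) >= self.length_threshold
        # Modified rule: a legitimate burst to a few hosts keeps this count small,
        # while a scanner fills the queue with many different destinations.
        distinct = len(set(self.delay_queue))
        prev = self.ewma
        self.ewma = self.alpha * distinct + (1 - self.alpha) * prev
        trend = self.ewma - prev   # positive slope means the backlog is diversifying
        return distinct >= self.distinct_threshold or trend >= self.trend_threshold


def first_alarm_tick(throttle, trace):
    """trace: list of per-tick lists of destinations. Returns the tick of the first alarm, or None."""
    for t, dests in enumerate(trace, start=1):
        for d in dests:
            throttle.request(d)
        if throttle.tick():
            return t
    return None


# Constructed traces (RFC 5737 documentation addresses, no real hosts).
# 120 requests in one tick to only three servers, e.g. a page with many embedded objects.
LEGIT_BURST = [[f"10.0.0.{1 + i % 3}" for i in range(120)]] + [[] for _ in range(4)]
# 120 requests in one tick to 120 different hosts: an aggressive scanner.
FAST_WORM = [[f"192.0.2.{i}" for i in range(1, 121)]] + [[] for _ in range(4)]
# Five new hosts per tick for 30 ticks: a slow scanner that never builds a long queue quickly.
SLOW_WORM = [[f"198.51.100.{5 * t + i}" for i in range(5)] for t in range(30)]


def compare():
    """First-alarm tick for each trace under the length rule, the distinct-count rule
    alone (trend disabled) and the distinct-count rule with the EWMA trend."""
    rows = {}
    for name, trace in (("legit burst", LEGIT_BURST), ("fast worm", FAST_WORM),
                        ("slow worm", SLOW_WORM)):
        rows[name] = (
            first_alarm_tick(Throttle(mode="length"), trace),
            first_alarm_tick(Throttle(trend_threshold=float("inf")), trace),
            first_alarm_tick(Throttle(), trace),
        )
    return rows


if __name__ == "__main__":
    print(f"{'trace':<12}{'length':>8}{'distinct':>10}{'+trend':>8}")
    for name, (length, distinct, trend) in compare().items():
        print(f"{name:<12}{str(length):>8}{str(distinct):>10}{str(trend):>8}")
```

With the assumed parameters the length rule raises a false alarm on the legitimate burst at the first tick, while the distinct-destination rule stays silent because only three destinations are waiting; both rules catch the fast scanner immediately; and for the slow scanner the length rule needs 25 ticks, the distinct count alone needs 5, and the trend of the weighted average fires at tick 2, which is the detection-time gain the abstract attributes to the trend value.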
© 2006 Springer-Verlag Berlin Heidelberg
Kim, J., Shim, J., Jung, G., Choi, K. (2006). Tackling Worm Detection Speed and False Alarm in Virus Throttling. In: Chen, K., Deng, R., Lai, X., Zhou, J. (eds) Information Security Practice and Experience. ISPEC 2006. Lecture Notes in Computer Science, vol 3903. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11689522_7
DOI: https://doi.org/10.1007/11689522_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-33052-3
Online ISBN: 978-3-540-33058-5