Sciweavers

GLOBECOM
2006
IEEE

On the Effectiveness of Service Registration-Based Worm Defense

14 years 6 months ago
On the Effectiveness of Service Registration-Based Worm Defense
— Existing Internet worm research focuses either on worm detection inside an AS, or on prevention of Internet-wide worm epidemic. But of more practical concern is how to repel worm infiltration attempts at the AS boundary. In this paper, we analyze the efficacy of the general perimeter defense system operating on service registration information. When such system finds incoming packets targeting an unregistered service, it intercepts the packets and relays them to the signature generation module. While the signature is extracted, the system blocks the infiltration through blacklisting. Finally, upon the signature generation, content filtering based on the signature takes over, replacing blacklisting. Since the effectiveness of such systems depends on the type of worm, we analyze the effectiveness against the following practical worm types: random scanning TCP worms, random-start sequential scanning TCP worms, and UDP worms.
Jin-Ho Kim, Hyogon Kim, Saewoong Bahk
Added 11 Jun 2010
Updated 11 Jun 2010
Type Conference
Year 2006
Where GLOBECOM
Authors Jin-Ho Kim, Hyogon Kim, Saewoong Bahk
Comments (0)