Malware defenses have primarily relied upon intrusion fingerprints to detect suspicious network behavior. While effective for discovering computers that are already compromised, these systems are not designed to stop the spread or damage of malware. Standard gateway firewalls can prevent outside-based attacks; however, they are ineffective in a mobile network where threats originate from inside and administrators have limited control over client machines. This paper introduces a new strategy for malware defense using security authentication which focuses on vulnerabilities rather than exploits. The proposed system uses a remote security scanner to check for vulnerabilities and quarantines machines using logical network segmentation. This maximizes the usefulness of the machine in question while preventing attacks. Furthermore given the unique ability to quarantine machines without any specialized host software, the proposed system can defend against internal malware threats in a m...
Joseph V. Antrosio, Errin W. Fulp