Sciweavers

EUROSYS
2007
ACM

Sweeper: a lightweight end-to-end system for defending against fast worms

The vulnerabilities which plague computers cause endless grief to users. Slammer compromised millions of hosts in minutes; a hit-list worm would take under a second. Recently proposed techniques respond better than manual approaches, but require expensive instrumentation, limiting deployment. Although spreading “antibodies” (e.g. signatures) ameliorates this limitation, hosts dependent on antibodies are defenseless until inoculation; to the fastest hit-list worms this delay is crucial. Additionally, most recently proposed techniques cannot provide recovery to provide continuous service after an attack. We propose a solution, called Sweeper, that provides both fast and accurate post-attack analysis and efficient recovery with low normal execution overhead. Sweeper combines several techniques. (1) Sweeper uses lightweight monitoring techniques to detect a wide array of suspicious requests, providing a first level of defense. (2) By leveraging lightweight checkpointing, Sweeper post...
Added 10 Mar 2010
Updated 10 Mar 2010
Type Conference
Year 2007
Where EUROSYS
Authors Joseph Tucek, James Newsome, Shan Lu, Chengdu Huang, Spiros Xanthos, David Brumley, Yuanyuan Zhou, Dawn Xiaodong Song