Fast Worm Containment Using Feedback Control
April-June 2007 (vol. 4 no. 2)
pp. 119-136
In a computer network, network security is accomplished using elements such as firewalls, hosts, servers, routers, intrusion detection systems, and honeypots. These network elements need to know the nature or anomaly of the worm a priori to detect the attack. Modern viruses such as Code Red, Sapphire, and Nimda spread quickly. Therefore, human-mediated responses to these fast-spreading viruses are impractical, if not impossible. Several epidemic studies show that automatic tracking of resource usage and control provides an effective method to contain the damage. In this paper, we propose a novel security architecture based on control system theory. In particular, we describe a state-space feedback control model that detects and controls the spread of these viruses or worms by measuring the velocity of the number of new connections an infected host makes. The mechanism's objective is to slow down a worm's spreading velocity by controlling (delaying) the number of new connections made by an infected host. A proportional and integral (PI) controller is used for continuous control of the feedback loop. The approach proposed here has been verified in a laboratory setup, and we were able to contain the infection so that it affected less than 5 percent of the hosts. We have also implemented a protocol for exchanging control-specific information between the network elements. The results from the simulation and experimental setup combined with the sensitivity analysis demonstrate the applicability and accuracy of the approach.
Computer systems organization, communication/networking and information technology, general, network-level security and protection, computer systems organization, special-purpose and application-based systems, process control systems.
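The feedback loop the abstract describes (measure a host's new-connection velocity, then delay its new connections through a PI controller) can be sketched as follows. This is an added illustration, not the paper's state-space model or code. The gains, the 5 connections/s setpoint, the one-second tick, the toy host model and all names (`PIThrottle`, `host_rate`, `simulate`) are assumptions made for the example.

```python
"""PI throttle on a host's new-connection rate (constructed illustration)."""
from dataclasses import dataclass


@dataclass
class PIThrottle:
    setpoint: float        # allowed new connections per second (assumed value)
    kp: float = 0.002      # proportional gain (assumed, hand-tuned)
    ki: float = 0.01       # integral gain (assumed, hand-tuned)
    integral: float = 0.0  # accumulated error, in connections

    def update(self, measured_rate: float, dt: float = 1.0) -> float:
        """Return the delay (seconds) to impose on each new connection."""
        error = measured_rate - self.setpoint
        # Anti-windup: a host below the setpoint never accumulates credit.
        self.integral = max(0.0, self.integral + error * dt)
        return max(0.0, self.kp * error + self.ki * self.integral)


def host_rate(base_rate: float, delay: float) -> float:
    """Toy plant (assumption): a host opening connections one after another
    spends 1/base_rate seconds per attempt plus the imposed delay."""
    return 1.0 / (1.0 / base_rate + delay)


def simulate(base_rate: float, setpoint: float = 5.0, ticks: int = 300):
    """Run the closed loop; return a list of (measured_rate, next_delay)."""
    ctl = PIThrottle(setpoint)
    delay, history = 0.0, []
    for _ in range(ticks):
        rate = host_rate(base_rate, delay)  # velocity under the current delay
        delay = ctl.update(rate)            # feedback: delay for the next tick
        history.append((rate, delay))
    return history


if __name__ == "__main__":
    # Constructed hosts: one scanning at 200 conn/s, one normal at 2 conn/s.
    for name, base in (("scanning host", 200.0), ("normal host", 2.0)):
        rate, delay = simulate(base)[-1]
        print(f"{name}: base={base}/s -> rate={rate:.2f}/s, delay={delay:.3f}s")
```

The integral term is what holds the scanning host at the setpoint once the proportional error has shrunk, while the clamp at zero keeps a host that stays under the setpoint from ever being delayed.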
