13th International Conference on Parallel and Distributed Systems - Volume 1 (ICPADS'07)
Early containment of worms using dummy addresses and connection trace back
Hsinchu, Taiwan
December 05-December 07
ISBN: 978-1-4244-1889-3
Taro Inaba, Faculty of Science and Technology, Keio University 3-14-1, Hiyoshi, Kohoku Ward, Yokohama City, Kanagawa, Japan
Nobutaka Kawaguchi, Faculty of Science and Technology, Keio University 3-14-1, Hiyoshi, Kohoku Ward, Yokohama City, Kanagawa, Japan
Shinya Tahara, Faculty of Science and Technology, Keio University 3-14-1, Hiyoshi, Kohoku Ward, Yokohama City, Kanagawa, Japan
Hiroshi Shigeno, Faculty of Science and Technology, Keio University 3-14-1, Hiyoshi, Kohoku Ward, Yokohama City, Kanagawa, Japan
Ken-ichi Okada, Faculty of Science and Technology, Keio University 3-14-1, Hiyoshi, Kohoku Ward, Yokohama City, Kanagawa, Japan
Most existing network worms have used address scanning to find vulnerable hosts. Recently, however, worms with more effective propagation strategies have emerged. Among these, we focus on worms that exploit address lists obtained from infected hosts to find other vulnerable hosts effectively. In this paper, we propose a method to detect and contain such worms that try to infect all hosts in an enterprise network. In our method, a detection system inserts some dummy addresses into the address lists of hosts in the network. The system detects the presence of a worm when a host tries to open a connection to a dummy address; it then traces back through the connection logs to find potentially infected hosts and removes them from the network. Computer simulation results showed that our method detected and contained worms with less than 1% infected hosts and less than 5% removed hosts.
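The detect-then-trace-back loop the abstract describes, as an added sketch that is not the paper's own algorithm. The log format, the fixed look-back window, the rule of following inbound connections backwards in time, and all addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample data: decoy addresses planted in hosts' address lists,
# and connection log entries as (time, source, destination).
DUMMY_ADDRESSES = {"10.0.9.250", "10.0.9.251"}
CONNECTION_LOG = [
    (50,  "10.0.0.8", "10.0.0.5"),    # too old for a 120 s window
    (100, "10.0.0.5", "10.0.0.7"),
    (130, "10.0.0.2", "10.0.0.3"),    # unrelated traffic
    (160, "10.0.0.7", "10.0.0.9"),
    (180, "10.0.0.6", "10.0.0.7"),    # arrived after .7 had already contacted .9
    (200, "10.0.0.9", "10.0.9.250"),  # connection to a dummy address
]

def trace_back(log, detected_host, detected_at, window):
    """Follow inbound connections backwards in time from the detected host.

    A source is a suspect only if it contacted a suspect *before* the moment
    that suspect could have passed the infection on, and inside the window.
    """
    inbound = defaultdict(list)              # destination -> [(time, source)]
    for t, src, dst in log:
        inbound[dst].append((t, src))
    earliest = detected_at - window
    # host -> latest time by which it must already have been infected
    bound = {detected_host: detected_at}
    queue = deque([detected_host])
    while queue:
        host = queue.popleft()
        for t, src in inbound[host]:
            if earliest <= t < bound[host] and bound.get(src, float("-inf")) < t:
                bound[src] = t               # a later contact widens the search
                queue.append(src)
    return set(bound)

def detect_and_contain(log, dummies, window):
    """Return the hosts to remove once any host touches a dummy address."""
    removed = set()
    for t, src, dst in sorted(log):
        if dst in dummies and src not in removed:
            removed |= trace_back(log, src, t, window)
    return removed

if __name__ == "__main__":
    print(sorted(detect_and_contain(CONNECTION_LOG, DUMMY_ADDRESSES, 120)))
```

The window length sets the trade-off the abstract quantifies: a longer window catches more of the infection chain but removes more hosts that may be clean.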
Citation:
Taro Inaba, Nobutaka Kawaguchi, Shinya Tahara, Hiroshi Shigeno, Ken-ichi Okada, "Early containment of worms using dummy addresses and connection trace back," icpads, vol. 1, pp.1-8, 13th International Conference on Parallel and Distributed Systems - Volume 1 (ICPADS'07), 2007