CSDL Home H HICSS 2007 Proceedings of the 40th Annual Hawaii International Conference on System Sciences
Jan. 3, 2007 to Jan. 6, 2007
Scott E. Coull , Johns Hopkins University, USA
Boleslaw K. Szymanski , Rensselaer Polytechnic Institute, USA
The speed with which Internet worms propagate, and their potential for carrying devastating payloads makes them a significant threat to the stability of the Internet. Current approaches for containing these worms are ineffective due to their completely local protection mechanisms -- requiring complete deployment for global worm containment. This paper suggests an alternate approach wherein the containment mechanisms are moved within the network itself rather than at end-points. This internetwork-centric approach allows networks within the Internet to not only protect themselves, but also other networks that may not have the containment technology deployed. A novel reputation-based alerting mechanism is used to ensure fair and fast information sharing. The combination of the internetwork-centric containment and reputation-based alerting allows for the creation of an Internet-wide containment mechanism that provides greater protection against fast scanning worms than any previously proposed system, and at the same time providing unequaled resilience to false positives and malicious nodes.
Scott E. Coull, Boleslaw K. Szymanski, "On the Development of an Internetwork-Centric Defense for Scanning Worms", HICSS, 2007, Proceedings of the 40th Annual Hawaii International Conference on System Sciences, Proceedings of the 40th Annual Hawaii International Conference on System Sciences 2007, pp. 144a, doi:10.1109/HICSS.2007.406