Automatically Deducing Propagation Sequences that Circumvent a Collaborative Worm Defense

Briesemeister, Linda; Porras, Phillip

doi:10.1109/.2006.1629456

Cited by 5 publications

(3 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Cheetancheri et al [14] experimentally investigate the parameters of a cooperating alert sharing protocol coupled with distributed sequential hypothesis testing to generate global alarms about distributed attacks. Briesenmeister and Porras [9] use formal methods and a model of collaborative worm defenses to create propagation strategies that prevent such defenses from reaching global consensus. They conclude that randomized algorithms offer one approach toward foiling this strategy, citing COVERAGE as a specific example.…”

Section: Related Workmentioning

confidence: 99%

“…We believe this to be an unavoidable consequence of their robustness against false alarms. Independent work [9] has pointed out that the randomized approach of COVER-AGE makes it difficult to devise virus propagation strategies that exploit the particular topology and exchange models of other collaborative virus defenses to hide their spread.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

COVERAGE: detecting and reacting to worm epidemics using cooperation and validation

Anagnostakis

Greenwald²,

Ioannidis

et al. 2007

Int. J. Inf. Secur.

View full text Add to dashboard Cite

Cooperative defensive systems communicate and cooperate in their response to worm attacks, but determine the presence of a worm attack solely on local information. Distributed worm detection and immunization systems track suspicious behavior at multiple cooperating nodes to determine whether a worm attack is in progress. Earlier work has shown that cooperative systems can respond quickly to day-zero worms, while distributed detection systems allow detectors to be more conservative (i.e., paranoid) about potential attacks because they manage false alarms efficiently. In this paper we present our investigation into the complex tradeoffs in such systems between communication costs, computation overhead, accuracy of the local tests, estimation of viral virulence, and the fraction of the network infected before the attack crests. We evaluate the effectiveness of different system configurations in various simulations. Our experiments show that distributed algorithms are better able to balance effectiveness against worms and viruses with reduced cost in computation and communication when faced with false alarms. Furthermore, cooperative, distributed systems seem more robust against malicious participants in the immunization system than earlier cooperative but nondistributed approaches.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

COVERAGE: detecting and reacting to worm epidemics using cooperation and validation

Anagnostakis

Greenwald²,

Ioannidis

et al. 2007

Int. J. Inf. Secur.

View full text Add to dashboard Cite

show abstract

“…Therefore, more applicable solutions utilizing multiple firewalls to contain rapid malcode in different segments of large Wide Area Networks (WAN) are already in use (Staniford, 2003). Briesemeister et al (Briesemeister & Porras, 2006;Briesemeister & Porras, 2005) have made significant contributions to the design of quarantine algorithms using game theoretic approaches and formal methods, though they did not disclose all the implementation details of a future system based on their work. On the other hand Keromytis et al present the COVERAGE algorithm, which takes most of the practical issues into account.…”

Section: Related Workmentioning

confidence: 99%

A PRoactive malware identification system based on the computer hygiene principles

Vlachos

Spinellis

2007

Info Mngmnt & Comp Security

View full text Add to dashboard Cite

Recent worm epidemics have proven beyond any doubt that the existing centralized worm containment mechanisms are no longer adequate to protect vulnerable systems, resulting in a shift towards distributed cooperative mechanisms that aim to safeguard and immunize the susceptible population. We are presenting PROMIS, a P2P based algorithm that provides its participants with early information regarding the existence of a worm epidemic and allows them to automatically adjust their security level. Our argument is that our approach is based on the principles of hygiene: taking the basic precautions to avoid infection when an epidemic is on the rise and no cure is available.

show abstract

A survey of internet worm detection and containment

Salour

2008

IEEE Commun. Surv. Tutorials

109

View full text Add to dashboard Cite

Automatically Deducing Propagation Sequences that Circumvent a Collaborative Worm Defense

Cited by 5 publications

References 15 publications

COVERAGE: detecting and reacting to worm epidemics using cooperation and validation

COVERAGE: detecting and reacting to worm epidemics using cooperation and validation

A PRoactive malware identification system based on the computer hygiene principles

A survey of internet worm detection and containment

Contact Info

Product

Resources

About