DOI: 10.1145/1029618.1029630
Article

A hybrid quarantine defense

Published: 29 October 2004

Abstract

We study the strengths, weaknesses, and potential synergies of two complementary worm quarantine defense strategies under various worm attack profiles. We observe their abilities to delay or suppress infection growth rates under two propagation techniques and three scan rates, and explore the potential synergies in combining these two complementary quarantine strategies. We compare the performance of the individual strategies against a hybrid combination strategy, and conclude that the hybrid strategy yields substantial performance improvements, beyond what either technique provides independently. This result offers potential new directions in hybrid quarantine defenses.



Published In

WORM '04: Proceedings of the 2004 ACM workshop on Rapid malcode
October 2004
100 pages
ISBN: 1581139705
DOI: 10.1145/1029618
Program Chair: Vern Paxson

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. network modeling and simulation
  2. network security
  3. worm detection systems
  4. worms

Qualifiers

  • Article

Conference

CCS04

Cited By

  • (2023) Design of Security Defense Mechanism for Worm Virus Attacks in Power Information Networks. 2023 IEEE 3rd International Conference on Data Science and Computer Application (ICDSCA), pp. 1171-1174. DOI: 10.1109/ICDSCA59871.2023.10393419. Online publication date: 27-Oct-2023
  • (2016) Quantitative analysis of the mission impact for host-level cyber defensive mitigations. Proceedings of the 49th Annual Simulation Symposium, pp. 1-8. DOI: 10.5555/2962374.2962376. Online publication date: 3-Apr-2016
  • (2016) Analysing Security Checkpoints for an Integrated Utility-Based Information System. Emerging Research in Computing, Information, Communication and Applications, pp. 569-587. DOI: 10.1007/978-981-10-0287-8_53. Online publication date: 10-May-2016
  • (2015) Empirical analysis of an improved countermeasure against computer network worms. Proceedings of the 2015 6th International Conference on Computing, Communication and Networking Technologies (ICCCNT), pp. 1-7. DOI: 10.1109/ICCCNT.2015.7395187. Online publication date: 13-Jul-2015
  • (2015) Empirical Analysis of Rate Limiting + Leap Ahead (RL+LA) Countermeasure against Witty Worm. 2015 IEEE International Conference on Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing, pp. 2055-2061. DOI: 10.1109/CIT/IUCC/DASC/PICOM.2015.305. Online publication date: Oct-2015
  • (2015) Inhibiting diffusion of complex contagions in social networks: theoretical and experimental results. Data Mining and Knowledge Discovery, 29:2, pp. 423-465. DOI: 10.1007/s10618-014-0351-4. Online publication date: 1-Mar-2015
  • (2015) Are You at Risk? Profiling Organizations and Individuals Subject to Targeted Attacks. Financial Cryptography and Data Security, pp. 13-31. DOI: 10.1007/978-3-662-47854-7_2. Online publication date: 16-Jul-2015
  • (2014) Towards automated distributed containment of zero-day network worms. Fifth International Conference on Computing, Communications and Networking Technologies (ICCCNT), pp. 1-7. DOI: 10.1109/ICCCNT.2014.6963119. Online publication date: Jul-2014
  • (2014) Statistical Assessment of Sybil-Placement Strategies within DHT-Structured Peer-to-Peer Botnets. Proceedings of the 2014 IEEE 28th International Conference on Advanced Information Networking and Applications, pp. 821-828. DOI: 10.1109/AINA.2014.100. Online publication date: 13-May-2014
  • (2014) An Architecture for Automatic and Adaptive Defense. Journal of Information Privacy and Security, 3:2, pp. 37-58. DOI: 10.1080/15536548.2007.10855815. Online publication date: 10-Sep-2014
