Resilience Strategies for Networked Malware Detection and Remediation

Select |




Print


Yu, Yue (Tina); Fry, Michael; Plattner, Bernhard


2012-11-20


Conference Material


International Conference on Network and System Security


China


14


Network propagated malware such as worms are a potentially serious threat, since they can infect and damage a large number of vulnerable hosts at timescales in which human reaction is unlikely to be eective. Research on worm detection has produced many approaches to identifying them. A common approach is to identify a worm's signature. However, as worms continue to evolve, this method is incapable of detecting and mitigating new worms in real time. In this paper, we propose a novel, resilience strategy for detection and remediation of networked malware based on progressive, multi-stage deployment of resilience mechanisms. Our strategy monitors various trac features to detect the early onset of an attack, and then applies further mechanisms to progressively identify the attack and apply remediation to protect the network. Our strategy can be adapted to detect known attacks such as worms, and also to provide some level of remediation for new, unknown attacks. Advantages of our approach are demonstrated via simulation of various types of worm attack on an Autonomous System infrastructure. Our strategy is exible and adaptable, and we show how it can be extended to identify and remediate network challenges other than worms.


network resilience, worm detection, worm remediation


http://www.anss.org.au/nss2012/index.html


nicta:6079


Yu, Yue (Tina); Fry, Michael; Plattner, Bernhard. Resilience Strategies for Networked Malware Detection and Remediation.[Conference Material]. 2012-11-20. <a href="http://hdl.handle.net/102.100.100/98831?index=1" target="_blank">http://hdl.handle.net/102.100.100/98831?index=1</a>



Loading citation data...

Citation counts
(Requires subscription to view)