Return to search

Automated Defense Against Worm Propagation.

Worms have caused significant destruction over the last few years. Network security elements such as firewalls, IDS, etc have been ineffective against worms. Some worms are so fast that a manual intervention is not possible. This brings in the need for a stronger security architecture which can automatically react to stop worm propagation. The method has to be signature independent so that it can stop new worms. In this thesis, an automated defense system (ADS) is developed to automate defense against worms and contain the worm to a level where manual intervention is possible. This is accomplished with a two level architecture with feedback at each level. The inner loop is based on control system theory and uses the properties of PID (proportional, integral and differential controller). The outer loop works at the network level and stops the worm to reach its spread saturation point. In our lab setup, we verified that with only inner loop active the worm was delayed, and with both loops active we were able to restrict the propagation to 10% of the targeted hosts. One concern for deployment of a worm containment mechanism was degradation of throughput for legitimate traffic. We found that with proper intelligent algorithm we can minimize the degradation to an acceptable level.

Identiferoai:union.ndltd.org:unt.edu/info:ark/67531/metadc4909
Date12 1900
CreatorsPatwardhan, Sudeep
ContributorsDantu, Ram, Tate, Stephen R., Guturu, Parthasarathy
PublisherUniversity of North Texas
Source SetsUniversity of North Texas
LanguageEnglish
Detected LanguageEnglish
TypeThesis or Dissertation
FormatText
RightsUse restricted to UNT Community, Copyright, Patwardhan, Sudeep, Copyright is held by the author, unless otherwise noted. All rights reserved.

Page generated in 0.002 seconds