Title |
---|
Internet-scale malware mitigation: combining intelligence of the control and data plane |
Abstract |
---|
Security on the Internet today is treated mostly as a data plane problem. IDSs, firewalls, and spam filters all operate on the simple principle of detecting malicious data plane behavior and erecting data plane filters. In this paper we explore how breaking down the barrier between the control and data plane can significantly enhance our understanding of how to detect and filter Internet threats like worms and botnets. Our investigation is guided by two specific goals: using information and anomalies detected on the data plane to inform control plane decision support, and using anomalies detected on the control plane to inform data plane filtering. We begin by analyzing the source of persistent worms and other persistent malicious and misconfigured data plane traffic to understand the scope of this behavior on the control plane. We then analyze how anomalies on the control plane associated with poorly managed networks are correlated with the sources of malicious and misconfigured traffic detected on the data plane. Our results show that malicious and misconfigured data plane behavior is widely spread across the control plane, suggesting that constructing a few control plane filters to block the most infected organizations will not have a significant impact. We demonstrate that networks with data plane anomalies tend to exhibit more routing misconfigurations. Finally, we discuss how these correlations could be used to reject or filter routes and help stop recurring threats like persistent worms. |
Year | DOI | Venue |
---|---|---|
2006 | 10.1145/1179542.1179549 | WORM |
Keywords | Field | DocType |
---|---|---|
internet-scale malware mitigation, data plane problem, data plane anomaly, erecting data plane filter, misconfigured data plane traffic, data plane, misconfigured data plane behavior, control plane, malicious data plane behavior, control plane filter, control plane decision support, anomaly detection, management, network security, decision support, reliability, computer worms, bgp | Forwarding plane, Web threat, Computer security, Computer science, Botnet, Network security, Decision support system, Computer worm, Malware, The Internet | Conference |

ISBN | Citations | PageRank |
---|---|---|
1-59593-551-7 | 2 | 0.40 |

References | Authors |
---|---|
9 | 3 |
Name | Order | Citations | PageRank |
---|---|---|---|
Ying Zhang | 1 | 419 | 28.64 |
Evan Cooke | 2 | 549 | 59.40 |
Zhuoqing Morley Mao | 3 | 5719 | 363.11 |