Paper Info
Title
Empirical Analysis Of Rate Limiting Plus Leap Ahead (Rl Plus La) Countermeasure Against Witty Worm
Abstract
Wormable system vulnerabilities continue to be identified and so fast spreading network worms continue to pose a threat to the Internet infrastructure due to their increased virulence, speed and sophistication in successive Internet-wide outbreaks. The cost of a single worm outbreak has been estimated to be as high as US $2.6 billion. In this paper, we report the empirical analysis of distributed worm detection and prevention countermeasure Rate Limiting + Leap Ahead (RL+LA) by using Pseudo-Witty worm with real outbreak characteristics of Witty worm. RL+LA, is a distributed automated worm detection and containment scheme that is based on the correlation of Domain Name System (DNS) queries and the destination IP address of outgoing TCP SYN and UDP datagrams leaving the network boundary, while it also utilizes cooperation between different communicating scheme members using a custom protocol, which we term Friends. The results show a significant increase in time of infection of Witty worm, when the countermeasure scheme is invoked, although it cannot completely stops the propagation of worm.
Year
DOI
Venue
2015
10.1109/CIT/IUCC/DASC/PICOM.2015.305
CIT/IUCC/DASC/PICom
Keywords
Field
DocType
Worms, Witty, malware, rate limiting, countermeasure
Countermeasure,Computer science,Computer security,Domain Name System,Computer worm,Computer network,Malware,Datagram,Limiting,Mobile telephony,The Internet
Conference
Citations 
PageRank 
References 
0
0.34
16
Authors
2
Name
Order
Citations
PageRank
Khurram Shahzad116525.77
Steve Woodhead2102.52