Abstract
Hazardous worms can compromise hundreds of thousands of hosts in just hours. Mitigating these worm threats requires fast and effective strategies for containment and is a difficult task. Many containment systems have been proposed including anomaly detection, address blacklisting and signature-based content filtering. Meanwhile recently developed worm models enable us to develop a testbed to quickly evaluate the efficiency of defense mechanisms. Existing testbeds either require a great deal of hardware resources, or do not account for network performance impact due to containment methods. In this paper, we present a testbed which utilizes software agents to allow large scale simulation while maintaining individual host functionality. Varying containment schemes and strategies have been evaluated using this testbed in terms of number of infected hosts and performance impacts. Our results indicate that a dynamic containment system achieves better performance and security. We believe our testbed is an effective tool to explore and evaluate varying worm containment systems.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
