Rearguard: A Novel Blockchain-based Automatic Worm Containment System

Mohamed A. Seifeldin Elsayed
2021 International Telecommunications Conference (ITC-Egypt), published 2021-07-13
DOI: 10.1109/ITC-Egypt52936.2021.9513932 (https://doi.org/10.1109/ITC-Egypt52936.2021.9513932)
Citation count: 0

Abstract

Cyberattacks constitute a significant threat to information technology systems. Computer worms are used to conduct cyberattacks to compromise computers and the data stored on them. The self-propagation characteristic of computer worms allows them to spread fast and infect many hosts in a computer network. Thus, this makes it difficult for humans to deploy a timely countermeasure to confront worm infections within the attacked network. Worm containment is utilized to stop worm spread in a computer network. The containment technique should be automatic, timely, reliable, and implemented in a distributed manner. In this paper, we introduce Rearguard, a novel blockchain-based automatic worm containment system. Rearguard achieves worm containment by creating and distributing vulnerability-based filters for the vulnerabilities being exploited. A vulnerability-based filter is employed to drop any received network message that contains variants of a worm that attempts to exploit the same vulnerability. The vulnerability-based filter generation is carried out utilizing a blockchain smart contract deployed in the attacked network. The blockchain ensures reliability, timely response, trustworthy filters, and the availability of all filters in a distributed ledger that is maintained by network hosts. Rearguard has been implemented against a synthetic worm. The obtained results show that Rearguard introduces low overhead as well as ensures timely and automatic response to worm attacks.