Abstract

Because Internet worms spread quickly and cause great damage, computer networks need automatic mitigation such as dynamic quarantine. Inspired by the methods used to control epidemic disease in the real world, we present a dynamic quarantine method based on the principle "assume guilty before proven innocent": we quarantine a host whenever its behavior looks suspicious by blocking traffic on its anomalous port. We then release the quarantine after a short time, even if the host has not yet been inspected by security staff. We present a mathematical analysis of three worm propagation models under this dynamic quarantine method. The analysis shows that dynamic quarantine can reduce a worm's propagation speed, which gives defenders precious time to fight the worm before it is too late. Furthermore, dynamic quarantine raises a worm's epidemic threshold and thus reduces the chance that a worm spreads. The simulation results verify our analysis and demonstrate the effectiveness of the dynamic quarantine defense.
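The two effects claimed above (slower propagation and a higher epidemic threshold) can be reproduced with a small compartment model. This is an added example, not code or equations from the paper; the rates, the exponential release that stands in for the fixed short quarantine time, and all parameter values are constructed assumptions.

```python
"""Compartment model of a scanning worm under dynamic quarantine (added illustration)."""

def simulate(n, beta, lam_inf, lam_sus, q_time, gamma=0.0, t_end=200.0, dt=0.01):
    """Euler-integrate the model; return [(t, hosts ever infected)].

    Assumptions (not from the paper): infectious hosts are quarantined at rate
    lam_inf, clean hosts at false-alarm rate lam_sus, release is exponential
    with mean q_time, and infected hosts are cleaned up at rate gamma.
    """
    s, i, qs, qi, r = n - 1.0, 1.0, 0.0, 0.0, 0.0
    curve = []
    for k in range(int(t_end / dt) + 1):
        curve.append((k * dt, i + qi + r))
        infect = beta * s * i * dt            # only unquarantined hosts scan or get hit
        to_qi, to_qs = lam_inf * i * dt, lam_sus * s * dt
        rel_i, rel_s = qi / q_time * dt, qs / q_time * dt
        fix_i, fix_q = gamma * i * dt, gamma * qi * dt
        s += rel_s - infect - to_qs
        qs += to_qs - rel_s
        i += infect + rel_i - to_qi - fix_i
        qi += to_qi - rel_i - fix_q
        r += fix_i + fix_q
    return curve

def time_to_fraction(curve, n, frac):
    """First time the ever-infected count reaches frac * n, or None if it never does."""
    for t, infected in curve:
        if infected >= frac * n:
            return t
    return None

N, BETA = 1000, 0.0008                        # constructed values: beta * N = 0.8
QUAR = dict(lam_inf=1.0, lam_sus=0.01, q_time=10.0)
NONE = dict(lam_inf=0.0, lam_sus=0.0, q_time=10.0)

if __name__ == "__main__":
    for name, q in (("no quarantine", NONE), ("dynamic quarantine", QUAR)):
        half = time_to_fraction(simulate(N, BETA, **q), N, 0.5)
        final = simulate(N, BETA, gamma=0.3, **q)[-1][1] / N
        print(f"{name}: t(50% infected)={half}, final size with cleanup={final:.3f}")
```

With `gamma=0` the run compares propagation speed; with `gamma=0.3` the same worm that overruns the unprotected network fails to take off under quarantine, which is the threshold effect.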
