On the effectiveness of service registration-based worm defense

Jin Ho Kim, Hyogon Kim, Saewoong Bahk

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Existing Internet worm research focuses either on worm detection inside an AS or on prevention of an Internet-wide worm epidemic. Of more practical concern, however, is how to repel worm infiltration attempts at the AS boundary. In this paper, we analyze the efficacy of a general perimeter defense system that operates on service registration information. When such a system finds incoming packets targeting an unregistered service, it intercepts the packets and relays them to the signature generation module. While the signature is being extracted, the system blocks the infiltration through blacklisting. Finally, once the signature has been generated, content filtering based on the signature takes over, replacing blacklisting. Since the effectiveness of such systems depends on the type of worm, we analyze their effectiveness against the following practical worm types: random scanning TCP worms, random-start sequential scanning TCP worms, and UDP worms.

Original language: English
Title of host publication: IEEE GLOBECOM 2006 - 2006 Global Telecommunications Conference
Publication status: Published - 2006
Event: IEEE GLOBECOM 2006 - 2006 Global Telecommunications Conference - San Francisco, CA, United States
Duration: 2006 Nov 27 → 2006 Dec 1

Publication series

Name: GLOBECOM - IEEE Global Telecommunications Conference

Other

Other: IEEE GLOBECOM 2006 - 2006 Global Telecommunications Conference
Country/Territory: United States
City: San Francisco, CA
Period: 06/11/27 → 06/12/1

ASJC Scopus subject areas

  • General Engineering
