On the effectiveness of service registration-based worm defense

Jin Ho Kim; Hyogon Kim; Saewoong Bahk

doi:10.1109/GLOCOM.2006.304

On the effectiveness of service registration-based worm defense

Jin Ho Kim, Hyogon Kim, Saewoong Bahk

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Existing Internet worm research focuses either on worm detection inside an AS, or on prevention of Internet-wide worm epidemic. But of more practical concern is how to repel worm infiltration attempts at the AS boundary. In this paper, we analyze the efficacy of the general perimeter defense system operating on service registration information. When such system finds incoming packets targeting an unregistered service, it intercepts the packets and relays them to the signature generation module. While the signature is extracted, the system blocks the infiltration through blacklisting. Finally, upon the signature generation, content filtering based on the signature takes over, replacing blacklisting. Since the effectiveness of such systems depends on the type of worm, we analyze the effectiveness against the following practical worm types: random scanning TCP worms, random-start sequential scanning TCP worms, and UDP worms.

Original language	English
Title of host publication	IEEE GLOBECOM 2006 - 2006 Global Telecommunications Conference
DOIs	https://doi.org/10.1109/GLOCOM.2006.304
Publication status	Published - 2006
Event	IEEE GLOBECOM 2006 - 2006 Global Telecommunications Conference - San Francisco, CA, United States Duration: 2006 Nov 27 → 2006 Dec 1

Publication series

Name	GLOBECOM - IEEE Global Telecommunications Conference

Other

Other	IEEE GLOBECOM 2006 - 2006 Global Telecommunications Conference
Country/Territory	United States
City	San Francisco, CA
Period	06/11/27 → 06/12/1

ASJC Scopus subject areas

General Engineering

Access to Document

10.1109/GLOCOM.2006.304

Cite this

Kim, JH, Kim, H & Bahk, S 2006, On the effectiveness of service registration-based worm defense. in IEEE GLOBECOM 2006 - 2006 Global Telecommunications Conference., 4150934, GLOBECOM - IEEE Global Telecommunications Conference, IEEE GLOBECOM 2006 - 2006 Global Telecommunications Conference, San Francisco, CA, United States, 06/11/27. https://doi.org/10.1109/GLOCOM.2006.304

@inproceedings{182cab2eefce49adbea10c70b12a1f76,

title = "On the effectiveness of service registration-based worm defense",

abstract = "Existing Internet worm research focuses either on worm detection inside an AS, or on prevention of Internet-wide worm epidemic. But of more practical concern is how to repel worm infiltration attempts at the AS boundary. In this paper, we analyze the efficacy of the general perimeter defense system operating on service registration information. When such system finds incoming packets targeting an unregistered service, it intercepts the packets and relays them to the signature generation module. While the signature is extracted, the system blocks the infiltration through blacklisting. Finally, upon the signature generation, content filtering based on the signature takes over, replacing blacklisting. Since the effectiveness of such systems depends on the type of worm, we analyze the effectiveness against the following practical worm types: random scanning TCP worms, random-start sequential scanning TCP worms, and UDP worms.",

author = "Kim, {Jin Ho} and Hyogon Kim and Saewoong Bahk",

year = "2006",

doi = "10.1109/GLOCOM.2006.304",

language = "English",

isbn = "142440357X",

series = "GLOBECOM - IEEE Global Telecommunications Conference",

booktitle = "IEEE GLOBECOM 2006 - 2006 Global Telecommunications Conference",

note = "IEEE GLOBECOM 2006 - 2006 Global Telecommunications Conference ; Conference date: 27-11-2006 Through 01-12-2006",

}

TY - GEN

T1 - On the effectiveness of service registration-based worm defense

AU - Kim, Jin Ho

AU - Kim, Hyogon

AU - Bahk, Saewoong

PY - 2006

Y1 - 2006

N2 - Existing Internet worm research focuses either on worm detection inside an AS, or on prevention of Internet-wide worm epidemic. But of more practical concern is how to repel worm infiltration attempts at the AS boundary. In this paper, we analyze the efficacy of the general perimeter defense system operating on service registration information. When such system finds incoming packets targeting an unregistered service, it intercepts the packets and relays them to the signature generation module. While the signature is extracted, the system blocks the infiltration through blacklisting. Finally, upon the signature generation, content filtering based on the signature takes over, replacing blacklisting. Since the effectiveness of such systems depends on the type of worm, we analyze the effectiveness against the following practical worm types: random scanning TCP worms, random-start sequential scanning TCP worms, and UDP worms.

AB - Existing Internet worm research focuses either on worm detection inside an AS, or on prevention of Internet-wide worm epidemic. But of more practical concern is how to repel worm infiltration attempts at the AS boundary. In this paper, we analyze the efficacy of the general perimeter defense system operating on service registration information. When such system finds incoming packets targeting an unregistered service, it intercepts the packets and relays them to the signature generation module. While the signature is extracted, the system blocks the infiltration through blacklisting. Finally, upon the signature generation, content filtering based on the signature takes over, replacing blacklisting. Since the effectiveness of such systems depends on the type of worm, we analyze the effectiveness against the following practical worm types: random scanning TCP worms, random-start sequential scanning TCP worms, and UDP worms.

UR - http://www.scopus.com/inward/record.url?scp=50949094568&partnerID=8YFLogxK

U2 - 10.1109/GLOCOM.2006.304

DO - 10.1109/GLOCOM.2006.304

M3 - Conference contribution

AN - SCOPUS:50949094568

SN - 142440357X

SN - 9781424403578

T3 - GLOBECOM - IEEE Global Telecommunications Conference

BT - IEEE GLOBECOM 2006 - 2006 Global Telecommunications Conference

T2 - IEEE GLOBECOM 2006 - 2006 Global Telecommunications Conference

Y2 - 27 November 2006 through 1 December 2006

ER -

On the effectiveness of service registration-based worm defense

Abstract

Publication series

Other

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this