Quarantine-WORM03 - WormPropagationModelingand...

Worm Propagation Modeling and Analysis under Dynamic Quarantine Defense
Cliff C. Zou, Weibo Gong, Don Towsley
Univ. Massachusetts, Amherst

Motivation: automatic mitigation and its difficulties
- Fast spreading worms pose serious challenges:
  - SQL Slammer infected 90% within 10 minutes.
  - Manual counteractions are out of the question.
- Difficulty of automatic mitigation: high false alarm cost.
  - Anomaly detection for unknown worms.
  - False alarms vs. detection speed.
- Traditional mitigation:
  - No quarantine at all, or long-time quarantine until passing human inspection.

Principles in real-world epidemic disease control
- Principle #1: Preemptive quarantine
  - Assuming guilty before proven innocent.
  - Compared with disease damage, we are willing to pay a certain false alarm cost.
- Principle #2: Feedback adjustment
  - More serious epidemic, more aggressive quarantine action.
  - Adaptive adjustment of the trade-off between disease damage and false alarm cost.

Dynamic Quarantine
- Assuming guilty before proven innocent.
- Quarantine on suspicion, release quarantine after a short time automatically: reduces false alarm cost.
- Can use any host-based, subnet-based anomaly detection system.
- Host or subnet based quarantine (not whole network-level quarantine).
- Quarantine is on suspicious port only.
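
As an added illustration (not taken from the slides or from the authors' own model), the sketch below simulates the quarantine-on-suspicion, automatic-release policy described above in a simple discrete-time epidemic model. The function name and all parameters (beta, lam1, lam2, hold, population size) are assumptions chosen for the example.

```python
from collections import deque

def simulate(n=100_000, i0=10, beta=0.8, lam1=0.0, lam2=0.0, hold=10, steps=60):
    """Deterministic discrete-time SI model with dynamic quarantine.

    All parameters are assumptions made for this example:
      beta - infectious contacts per active infectious host per step
      lam1 - fraction of active infectious hosts quarantined per step (true alarms)
      lam2 - fraction of active susceptible hosts quarantined per step (false alarms)
      hold - quarantine length in steps (>= 1) before automatic release
    Returns one (total_infected, quarantined_susceptible) tuple per step.
    """
    s, i = float(n - i0), float(i0)   # active (unquarantined) hosts
    q_s = q_i = 0.0                   # hosts currently in quarantine
    pending = deque()                 # (release_step, susceptible, infectious)
    history = []
    for t in range(steps):
        # Automatic release: quarantine expires without human inspection.
        while pending and pending[0][0] == t:
            _, rs, ri = pending.popleft()
            s, q_s, i, q_i = s + rs, q_s - rs, i + ri, q_i - ri
        # Only active infectious hosts can reach active susceptible hosts.
        new_inf = min(s, beta * i * s / n)
        s, i = s - new_inf, i + new_inf
        # Quarantine on suspicion: infectious hosts and false alarms alike.
        to_q_i, to_q_s = lam1 * i, lam2 * s
        s, i, q_s, q_i = s - to_q_s, i - to_q_i, q_s + to_q_s, q_i + to_q_i
        pending.append((t + hold, to_q_s, to_q_i))
        history.append((i + q_i, q_s))
    return history

if __name__ == "__main__":
    base = simulate()                          # no quarantine at all
    dyn = simulate(lam1=0.2, lam2=0.01)        # dynamic quarantine, assumed rates
    for step in (5, 10, 15, 20, 30):
        print(f"step {step:2d}: infected without quarantine {base[step][0]:9.0f}, "
              f"with dynamic quarantine {dyn[step][0]:9.0f}, "
              f"falsely quarantined {dyn[step][1]:7.0f}")
```

Because release is automatic, the number of falsely quarantined susceptible hosts at any moment stays below n * lam2 * hold, which is how the short quarantine time bounds the false alarm cost in this sketch.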