PWC: A proactive worm containment solution for enterprise networks

Yoon Chan Jhi, Peng Liu, Lunquan Li, Qijun Gu, Jiwu Jing, George Kesidis

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Scopus citations

Abstract

We propose PWC, a proactive worm containment solution for enterprises. PWC can stop - instead of slowing down - an infected host from releasing worm scans as early as after merely 4 scans. Motivated by the observation that a worm uses a sustained outgoing packet rate, PWC gains infection awareness seconds before a signature or filter can be generated. To overcome denial-of-service possibly caused by such smoking signs of infection, PWC develops two new white detection (detecting who are uninfected) techniques: (a) the vulnerability time window lemma, and (b) the relaxation analysis. PWC is signature-free thus it is immunized from polymorphic worms and timely in containing. PWC is also resilient to containment evading. PWC is not sensitive to worm scan rate, and not protocol specific. Due to white detection, PWC causes minimal denial-ofservice. Evaluation based on real traces and worm simulations demonstrates that PWC significantly outperforms Virus Throttle [1] in terms of number of released worm scans, number of hosts infected by local scans, and availability.

Original languageEnglish (US)
Title of host publicationProceedings of the 3rd International Conference on Security and Privacy in Communication Networks, SecureComm
Pages433-442
Number of pages10
DOIs
StatePublished - Dec 1 2007
Event3rd International Conference on Security and Privacy in Communication Networks, SecureComm - Nice, France
Duration: Sep 17 2007Sep 21 2007

Publication series

NameProceedings of the 3rd International Conference on Security and Privacy in Communication Networks, SecureComm

Other

Other3rd International Conference on Security and Privacy in Communication Networks, SecureComm
CountryFrance
CityNice
Period9/17/079/21/07

    Fingerprint

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Software

Cite this

Jhi, Y. C., Liu, P., Li, L., Gu, Q., Jing, J., & Kesidis, G. (2007). PWC: A proactive worm containment solution for enterprise networks. In Proceedings of the 3rd International Conference on Security and Privacy in Communication Networks, SecureComm (pp. 433-442). [4550364] (Proceedings of the 3rd International Conference on Security and Privacy in Communication Networks, SecureComm). https://doi.org/10.1109/SECCOM.2007.4550364