Threshold smart walk for the containment of local worm outbreak

LLi, PLiu, George Kesidis

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

A worm-infected host scanning globally may not cause any new infection in its underlying local network before it is detected and quarantined by a worm detector using methods such as failed scan detection. But for a stealthier worm limiting its scan inside an enterprise network, the chance of a successful local outbreak increases substantively due to the more limited scan space. Though a number of worm scanner detection methods exist including failed scan detection, honeypot, and dark port detection, a coordinated and cost-conscious defense against a local outbreak entails an accurate estimate of worm virulence level. In this regard, we develop a maximum likelihood estimation algorithm to progressively estimate the size of susceptible host population in the network so an appropriate containment threshold can be set to effectively stop the worm propagation while causing minimum service disruption to normal network users.

Original languageEnglish (US)
Title of host publication2008 IEEE Global Telecommunications Conference, GLOBECOM 2008
Pages2124-2128
Number of pages5
DOIs
StatePublished - Dec 1 2008
Event2008 IEEE Global Telecommunications Conference, GLOBECOM 2008 - New Orleans, LA, United States
Duration: Nov 30 2008Dec 4 2008

Publication series

NameGLOBECOM - IEEE Global Telecommunications Conference

Other

Other2008 IEEE Global Telecommunications Conference, GLOBECOM 2008
CountryUnited States
CityNew Orleans, LA
Period11/30/0812/4/08

Fingerprint

Maximum likelihood estimation
Detectors
Scanning
Costs
Industry

All Science Journal Classification (ASJC) codes

  • Electrical and Electronic Engineering

Cite this

LLi, PLiu, & Kesidis, G. (2008). Threshold smart walk for the containment of local worm outbreak. In 2008 IEEE Global Telecommunications Conference, GLOBECOM 2008 (pp. 2124-2128). [4698184] (GLOBECOM - IEEE Global Telecommunications Conference). https://doi.org/10.1109/GLOCOM.2008.ECP.409
LLi ; PLiu, ; Kesidis, George. / Threshold smart walk for the containment of local worm outbreak. 2008 IEEE Global Telecommunications Conference, GLOBECOM 2008. 2008. pp. 2124-2128 (GLOBECOM - IEEE Global Telecommunications Conference).
@inproceedings{ad47c27514664c3fa65acadbdf117e12,
title = "Threshold smart walk for the containment of local worm outbreak",
abstract = "A worm-infected host scanning globally may not cause any new infection in its underlying local network before it is detected and quarantined by a worm detector using methods such as failed scan detection. But for a stealthier worm limiting its scan inside an enterprise network, the chance of a successful local outbreak increases substantively due to the more limited scan space. Though a number of worm scanner detection methods exist including failed scan detection, honeypot, and dark port detection, a coordinated and cost-conscious defense against a local outbreak entails an accurate estimate of worm virulence level. In this regard, we develop a maximum likelihood estimation algorithm to progressively estimate the size of susceptible host population in the network so an appropriate containment threshold can be set to effectively stop the worm propagation while causing minimum service disruption to normal network users.",
author = "LLi and PLiu and George Kesidis",
year = "2008",
month = "12",
day = "1",
doi = "10.1109/GLOCOM.2008.ECP.409",
language = "English (US)",
isbn = "9781424423248",
series = "GLOBECOM - IEEE Global Telecommunications Conference",
pages = "2124--2128",
booktitle = "2008 IEEE Global Telecommunications Conference, GLOBECOM 2008",

}

LLi, PLiu, & Kesidis, G 2008, Threshold smart walk for the containment of local worm outbreak. in 2008 IEEE Global Telecommunications Conference, GLOBECOM 2008., 4698184, GLOBECOM - IEEE Global Telecommunications Conference, pp. 2124-2128, 2008 IEEE Global Telecommunications Conference, GLOBECOM 2008, New Orleans, LA, United States, 11/30/08. https://doi.org/10.1109/GLOCOM.2008.ECP.409

Threshold smart walk for the containment of local worm outbreak. / LLi; PLiu, ; Kesidis, George.

2008 IEEE Global Telecommunications Conference, GLOBECOM 2008. 2008. p. 2124-2128 4698184 (GLOBECOM - IEEE Global Telecommunications Conference).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

TY - GEN

T1 - Threshold smart walk for the containment of local worm outbreak

AU - LLi,

AU - PLiu,

AU - Kesidis, George

PY - 2008/12/1

Y1 - 2008/12/1

N2 - A worm-infected host scanning globally may not cause any new infection in its underlying local network before it is detected and quarantined by a worm detector using methods such as failed scan detection. But for a stealthier worm limiting its scan inside an enterprise network, the chance of a successful local outbreak increases substantively due to the more limited scan space. Though a number of worm scanner detection methods exist including failed scan detection, honeypot, and dark port detection, a coordinated and cost-conscious defense against a local outbreak entails an accurate estimate of worm virulence level. In this regard, we develop a maximum likelihood estimation algorithm to progressively estimate the size of susceptible host population in the network so an appropriate containment threshold can be set to effectively stop the worm propagation while causing minimum service disruption to normal network users.

AB - A worm-infected host scanning globally may not cause any new infection in its underlying local network before it is detected and quarantined by a worm detector using methods such as failed scan detection. But for a stealthier worm limiting its scan inside an enterprise network, the chance of a successful local outbreak increases substantively due to the more limited scan space. Though a number of worm scanner detection methods exist including failed scan detection, honeypot, and dark port detection, a coordinated and cost-conscious defense against a local outbreak entails an accurate estimate of worm virulence level. In this regard, we develop a maximum likelihood estimation algorithm to progressively estimate the size of susceptible host population in the network so an appropriate containment threshold can be set to effectively stop the worm propagation while causing minimum service disruption to normal network users.

UR - http://www.scopus.com/inward/record.url?scp=67249090458&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=67249090458&partnerID=8YFLogxK

U2 - 10.1109/GLOCOM.2008.ECP.409

DO - 10.1109/GLOCOM.2008.ECP.409

M3 - Conference contribution

SN - 9781424423248

T3 - GLOBECOM - IEEE Global Telecommunications Conference

SP - 2124

EP - 2128

BT - 2008 IEEE Global Telecommunications Conference, GLOBECOM 2008

ER -

LLi, PLiu , Kesidis G. Threshold smart walk for the containment of local worm outbreak. In 2008 IEEE Global Telecommunications Conference, GLOBECOM 2008. 2008. p. 2124-2128. 4698184. (GLOBECOM - IEEE Global Telecommunications Conference). https://doi.org/10.1109/GLOCOM.2008.ECP.409