On the effectiveness of service registration-based worm defense

Jin Ho Kim, Hyogon Kim, Saewoong Bahk

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Existing Internet worm research focuses either on worm detection inside an AS, or on prevention of an Internet-wide worm epidemic. But of more practical concern is how to repel worm infiltration attempts at the AS boundary. In this paper, we analyze the efficacy of the general perimeter defense system operating on service registration information. When such a system finds incoming packets targeting an unregistered service, it intercepts the packets and relays them to the signature generation module. While the signature is being extracted, the system blocks the infiltration through blacklisting. Finally, once the signature has been generated, content filtering based on the signature takes over, replacing blacklisting. Since the effectiveness of such systems depends on the type of worm, we analyze the effectiveness against the following practical worm types: random scanning TCP worms, random-start sequential scanning TCP worms, and UDP worms.

Original language: English
Title of host publication: GLOBECOM - IEEE Global Telecommunications Conference
DOIs: https://doi.org/10.1109/GLOCOM.2006.304
Publication status: Published - 2006 Dec 1
Event: IEEE GLOBECOM 2006 - 2006 Global Telecommunications Conference - San Francisco, CA, United States
Duration: 2006 Nov 27 → 2006 Dec 1

Other

Other: IEEE GLOBECOM 2006 - 2006 Global Telecommunications Conference
Country: United States
City: San Francisco, CA
Period: 06/11/27 → 06/12/1

Fingerprint

Infiltration
Internet
Scanning

ASJC Scopus subject areas

  • Engineering(all)

Cite this

Kim, J. H., Kim, H., & Bahk, S. (2006). On the effectiveness of service registration-based worm defense. In GLOBECOM - IEEE Global Telecommunications Conference [4150934] https://doi.org/10.1109/GLOCOM.2006.304

@inproceedings{182cab2eefce49adbea10c70b12a1f76,
title = "On the effectiveness of service registration-based worm defense",
author = "Kim, {Jin Ho} and Hyogon Kim and Saewoong Bahk",
year = "2006",
month = "12",
day = "1",
doi = "10.1109/GLOCOM.2006.304",
language = "English",
isbn = "142440357X",
booktitle = "GLOBECOM - IEEE Global Telecommunications Conference",

}

TY - GEN

T1 - On the effectiveness of service registration-based worm defense

AU - Kim, Jin Ho

AU - Kim, Hyogon

AU - Bahk, Saewoong

PY - 2006/12/1

Y1 - 2006/12/1

UR - http://www.scopus.com/inward/record.url?scp=50949094568&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=50949094568&partnerID=8YFLogxK

U2 - 10.1109/GLOCOM.2006.304

DO - 10.1109/GLOCOM.2006.304

M3 - Conference contribution

AN - SCOPUS:50949094568

SN - 142440357X

SN - 9781424403578

BT - GLOBECOM - IEEE Global Telecommunications Conference

ER -