Lightweight testbed for evaluating worm containment systems Online publication date: Sat, 11-Aug-2012
by Lucas John Vespa; Ritam Chakrovorty; Ning Weng
International Journal of Security and Networks (IJSN), Vol. 7, No. 1, 2012
Abstract: Hazardous worms can compromise hundreds of thousands of hosts in just hours. Mitigating these worm threats requires fast and effective strategies for containment and is a difficult task. Many containment systems have been proposed including anomaly detection, address blacklisting and signature-based content filtering. Meanwhile recently developed worm models enable us to develop a testbed to quickly evaluate the efficiency of defense mechanisms. Existing testbeds either require a great deal of hardware resources, or do not account for network performance impact due to containment methods. In this paper, we present a testbed which utilizes software agents to allow large scale simulation while maintaining individual host functionality. Varying containment schemes and strategies have been evaluated using this testbed in terms of number of infected hosts and performance impacts. Our results indicate that a dynamic containment system achieves better performance and security. We believe our testbed is an effective tool to explore and evaluate varying worm containment systems.
Existing subscribers:
Go to Inderscience Online Journals to access the Full Text of this article.
If you are not a subscriber and you just want to read the full contents of this article, buy online access here.Complimentary Subscribers, Editors or Members of the Editorial Board of the International Journal of Security and Networks (IJSN):
Login with your Inderscience username and password:
Want to subscribe?
A subscription gives you complete access to all articles in the current issue, as well as to all articles in the previous three years (where applicable). See our Orders page to subscribe.
If you still need assistance, please email subs@inderscience.com