Abstract
We propose a new filter for preventing computer worms from spreading. The new worm filter limits the number of unacknowledged requests, rather than the rate of connections to new computers. Normal network traffic is analyzed to determine appropriate parameters for the worm filter. Performance evaluation showed that the worm filter stops not only high-speed worms in the wild, but also simulated slow-speed worms. Finally, the weaknesses of the worm filter is discussed.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Williamson, M.M.: Throttling viruses: restricting propagation to defeat malicious mobile code. In: ACSAC Security Conference 2002, pp. 61–68 (2002)
Twycross, J., Williamson, M.M.: Implementing and testing a virus throttle. In: The 12th USENIX Security Symposium, pp. 285–294 (2003)
Weaver, N., Paxson, V., Staniford, S., Cunningham, R.: A taxonomy of computer worms. In: The 2003 ACM Workshop on Rapid Malcode, pp. 11–18. ACM Press, New York (2003)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Okamoto, T. (2005). A Worm Filter Based on the Number of Unacknowledged Requests. In: Khosla, R., Howlett, R.J., Jain, L.C. (eds) Knowledge-Based Intelligent Information and Engineering Systems. KES 2005. Lecture Notes in Computer Science(), vol 3682. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11552451_13
Download citation
DOI: https://doi.org/10.1007/11552451_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-28895-4
Online ISBN: 978-3-540-31986-3
eBook Packages: Computer ScienceComputer Science (R0)