Browse > Article
http://dx.doi.org/10.3745/KIPSTC.2006.13C.5.559

Variable Rate Limiter in Virus Throttling for Reducing Connection Delay  

Shim, Jae-Hong (조선대학교 컴퓨터공학부)
Publication Information
The KIPS Transactions:PartC / v.13C, no.5, 2006 , pp. 559-566 More about this Journal
Abstract
Virus throttling technique, one of many early worm detection techniques, detects the Internet worm propagation by limiting the connect requests within a certain ratio. The typical virus throttling detects worm occurrence by monitoring the length of delay queue with the fixed period of rate limiter. In this paper, we propose an algorithm that controls the period of rate limiter autonomically by utilizing the weighted average delay queue length and suggest various period determination policies that use the weighted average delay queue length as an input parameter. Through deep experiments, it is verified that the proposed technique is able to lessen inconvenience of users by reducing the connection delay time with haying just little effect on worm detection time.
Keywords
Virus Throttling; Worm Early Detection; Internet Worm; Connection Delay;
Citations & Related Records
Times Cited By KSCI : 1  (Citation Analysis)
연도 인용수 순위
1 N. Gulati, C. Williamson and R. Bunt, 'LAN traffic locality: Characterization and application,' Proc. of the First International Conference of Local Area Network Interconnection, pp.233-250. Plenum, Oct., 1993
2 심재홍, 김장복, 최경희, 정기현, 'Virus Throttling의 웜 탐지오판 감소 및 탐지시간 단축', 정보처리학회논문지C, 제 12-C편, 제6호, pp. 847-854, 2005. 10   과학기술학회마을   DOI
3 J. Kim, J. Shim, G. Jung, and K. Choi, 'Reducing Worm Detection Time and False Alarm in Virus Throttling,' LNAI, Vol. 3802, pp.297-302, Dec., 2005
4 J. Jung, S. E. Schechter, and A. W. Berger, 'Fast Detection of Scanning Worm Infections,' Proc. of 7th International Symposium on Recent Advances in Intrusion Detection (RAID), Sophia Antipolis, French Riviera, France. Sept., 2004
5 CERT, 'CERT Advisory CA-2001-26 Nimda Worm, Sept. 2001. http://www.cert.org/advisories/CA-2001-26. html
6 C. C. Zou, W. Gong, and D. Towsley, 'Worm Propagation Modeling and Analysis under Dynamic Quarantine Defense,' ACM CCS Workshop on Rapid Malcode (WORM'03), Washington DC, Oct., 2003   DOI
7 C. Zou, L. Gao, W. Gong, D. Towsley, 'Monitoring and early warning for Internet worms,' ACM Conference on Computer and Communications Security, Washington, DC, Oct., 2003   DOI
8 J. Jung, V. Paxson, A. W. Berger, and H. Balakrishnan, 'Fast port-scan detection using sequential hypothesis testing,' Proc. of the IEEE Symposium on Security and Privacy, May, 2004   DOI
9 J. Twycross and M. M. Williamson, 'Implementing and testing a virus throttle,' Proc. of the 12th USENIX Security Symposium, pp.285-294, Aug., 2003
10 X. Qin, D. Dagon, G. Gu, and W. Lee, 'Worm detection using local networks,' Technical report, College of Computing, Georgia Tech., Feb., 2004
11 CERT, 'CERT Advisory CA-2000-04 Love Letter Worm, May 2002. http://www.cert.org/advisories/CA2000-04.html
12 CERT Advisory CA-2003-04: 'MS-SQL Server Worm,' Jan., 2003. http://www.cert.org/advisories/CA-2003-04.html
13 CERT, 'CERT Advisory CA-2001-08 Code Red Worm Exploiting Buffer Overflow in IIS Indexing Service DLL,' July, 2001. http://www.cert.org/incident_notes/IN-2001-08.html
14 CERT Advisory CA-2001-09: 'Code Red II: Another Worm Exploiting Buffer Overflow,' IIS Indexing Service DLL, Aug. 2001. http://www.cert.org/ incident_notes/IN-2001-09.html
15 S. Sidiroglou and A. D. Keromytis, 'A Network Worm Vaccine Architecture,' Proc. of the IEEE Workshop on Enterprise Technologies: Infrastructure for Collaborative Enterprises (WETICE), Workshop on Enterprise Security, pp.220-225, June, 2003
16 D. Moore, V. Paxson, S. Savage, C. Shannon, S. Staniford and N. Weaver, 'Inside the Slammer worm,' IEEE Security and Privacy, Vol.1, pp.33-39, July, 2003   DOI   ScienceOn
17 Matthew M. Williamson, 'Throttling Viruses: Restricting propagation to defeat malicious mobile code,' Proc. of the 18th Annual Computer Security Applications Conference; Dec., 2002   DOI