An Automated Defense System to Counter Internet Worms

Scandariato, Riccardo; Knight, John
Many areas of society have become heavily dependent on services such as transportation facilities, utilities and so on that are implemented in part by large numbers of computers and communications links. Both past incidents and research studies show that a well-engineered Internet worm can disable such systems in a fairly simple way and, most notably, in a matter of a few minutes. This indicates the need for defenses against worms but their speed rules out the possibility of manually countering worm outbreaks. We present a platform that emulates the epidemic behavior of Internet active worms. For purposes of experimentation, the platform has been deployed on a cluster of computers to emulate worm outbreaks in very large networks. A wide variety of worm properties can be studied and network topologies of interest constructed. A reactive control system, based on the Willow architecture and the OOPS policy framework, operates on top of the platform and provides a monitor/analyze/respond approach to deal with infections automatically. The logic driving the control system is synthesized from a formal specification, which is based on control rules correlating sensor events. Details of our highly configurable platform, the theory of operation of the Willow architecture, the features of the specification language, and various experimental performance results are presented.
Date Received
University of Virginia, Department of Computer Science, 2004
Published Date
Libra Open Repository
In Copyright