Microsoft Research Proposes Self Certifying Alerts to Contain Worm Traffic

“Worm containment must be automatic because worms can spread too fast for humans to respond. Recent work has imageproposed a network centric approach to automate worm containment: network traffic is analyzed to derive a packet classifier that blocks (or rate-limits) worm propagation.

This approach has fundamental limitations because the analysis has no information about the application  vulnerabilities exploited by worms. This paper proposes Vigilante, a new host centric approach for automatic worm containment that addresses these limitations.

Vigilante relies on collaborative worm detection at end hosts in the Internet but does not require hosts to trust each other. Hosts detect worms by analysing attempts to infect applications and broadcast self-certifying alerts (SCAs) when they detect a worm. SCAs are automatically generated machine-verifiable proofs of vulnerability; they can be independently and inexpensively verified by any host…”

To find out more and download the report, please visit:

http://research.microsoft.com/apps/pubs/default.aspx?id=70085

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer

image
Prowess Consulting www.prowessconsulting.com

PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: [email protected]
MVP – Forefront Edge Security (ISA/TMG/IAG)

About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top