An Automated Defense System to Counter Internet Worms
Report
Many areas of society have become heavily dependent on services such as transportation facilities, utilities and so on that are implemented in part by large numbers of computers and communications links. Both past incidents and research studies show that a well-engineered Internet worm can disable such systems in a fairly simple way and, most notably, in a matter of a few minutes. This indicates the need for defenses against worms, but their speed rules out the possibility of manually countering worm outbreaks. We present a platform that emulates the epidemic behavior of Internet active worms. For purposes of experimentation, the platform has been deployed on a cluster of computers to emulate worm outbreaks in very large networks. A wide variety of worm properties can be studied and network topologies of interest constructed. A reactive control system, based on the Willow architecture and the OOPS policy framework, operates on top of the platform and provides a monitor/analyze/respond approach to deal with infections automatically. The logic driving the control system is synthesized from a formal specification, which is based on control rules correlating sensor events. Details of our highly configurable platform, the theory of operation of the Willow architecture, the features of the specification language, and various experimental performance results are presented.
All rights reserved (no additional license for public reuse)
Scandariato, Riccardo, and John Knight. "An Automated Defense System to Counter Internet Worms." University of Virginia Dept. of Computer Science Tech Report (2004).
University of Virginia, Department of Computer Science