Title: Lightweight testbed for evaluating worm containment systems

Authors: Lucas John Vespa; Ritam Chakrovorty; Ning Weng

Addresses: Department of Computer Science, University of Illinois at Springfield, Springfield, IL 62703, USA; Department of Electrical and Computer Engineering, Southern Illinois University, Carbondale, IL 62901, USA; Department of Electrical and Computer Engineering, Southern Illinois University, Carbondale, IL 62901, USA

Abstract: Hazardous worms can compromise hundreds of thousands of hosts in just hours. Mitigating these worm threats requires fast and effective strategies for containment and is a difficult task. Many containment systems have been proposed, including anomaly detection, address blacklisting and signature-based content filtering. Meanwhile, recently developed worm models enable us to develop a testbed to quickly evaluate the efficiency of defense mechanisms. Existing testbeds either require a great deal of hardware resources or do not account for the network performance impact of containment methods. In this paper, we present a testbed which utilizes software agents to allow large-scale simulation while maintaining individual host functionality. Varying containment schemes and strategies have been evaluated using this testbed in terms of number of infected hosts and performance impacts. Our results indicate that a dynamic containment system achieves better performance and security. We believe our testbed is an effective tool to explore and evaluate varying worm containment systems.

Keywords: worm containment; network testbeds; network performance; worm threats; worm defense mechanisms; malware; computer worms; internet worms; software agents; agent-based systems; multi-agent systems; simulation; network security; network protection.

DOI: 10.1504/IJSN.2012.048478

International Journal of Security and Networks, 2012 Vol. 7 No. 1, pp. 6-16

Accepted: 26 Jul 2011
Published online: 11 Aug 2012
