    Researchers Propose Early Warning System for Worms

    Written by

    Ryan Naraine
    Published April 20, 2005


      Researchers at the University of Florida have designed an Internet-worm early warning system that offers a new approach to pinpointing the first sign of a malicious network attack.

      Shigang Chen and Sanjay Ranka, professors in the university's Computer and Information Science and Engineering department, outlined the design of the system in a research paper (PDF) that promises a fix for known weaknesses in existing early warning mechanisms.

      The paper focuses on TCP-based worms and identifies ways of avoiding false positives by looking at reply traffic from the targets instead of monitoring inbound SYN (synchronization) packets and keeping track of half-open connections.

      “Our proposal integrates a set of techniques that can automatically detect the concerted scan activity of an ongoing worm attack,” Chen explained. In an interview with Ziff Davis Internet News, he said the system monitors a “used” address space and relies on TCP RST (reset) packets to find the scan sources.

      “This has greater accuracy and makes the system resilient to antimonitor measures,” he added.

      The paper does not provide details on how worm propagation warnings would be distributed or how the system would detect UDP (User Datagram Protocol)-based worms, but Chen argues that the research can be easily expanded to solve those issues.

      “Once the system is in place and worm propagation is detected, you can use all kinds of distribution mechanisms to get the alarm out. You can set up subscriptions to distribute the data via e-mail, pagers, newsgroups or any other existing mechanism,” he said.

      Chen's group has also designed a distributed anti-worm system, described in a second paper (PDF), that offers perimeter-based defense against high-bandwidth distributed denial-of-service attacks. That system, Chen said, can be used by ISPs to provide a security service to customers.

      With the worm early warning system, dubbed WEW, Chen said he believes the “open problem” of thwarting attacks like the destructive Blaster, CodeRed, Nimda and Sasser worms could be minimized.


      “The problem has not been solved because nobody is detecting worms in time. As we've seen with the big attacks, they were already widespread before the industry could figure out it was a worm attack,” Chen said.

      Chen and Ranka's proposal also includes an anti-spoof protocol that filters out false scan sources to identify possible worm-infected hosts. It also proposes a new performance metric, system sensitivity, to capture the responsiveness of an early warning system in reporting an ongoing worm.

      Chen envisions the early warning system deployed at the gateway of a large enterprise network to collect samples of Internet scan activity. “The system detects a potential worm outbreak by analyzing the pattern of increase in external scan sources and comparing their similarity,” the researchers wrote.

      “It captures the common signature from those sources in order to assist human analysis or automatically reconfigure a filtering device to block them,” he added.

      The primary task of Chen's worm early warning system is to monitor outbound TCP RST packets, which indicate failed inbound connection attempts, Chen explained. A SYN that reaches a live internal host on a closed port draws a RST back to the scanner, whereas a SYN sent to an unused address draws no reply at all; counting the RSTs that leave the gateway therefore reveals which external hosts are probing the monitored address space, without tracking half-open connections.

      To work around the problem of false positives, the paper proposes to filter out false scan sources, such as SYNs sent with spoofed source addresses, before they are counted.
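      As an added illustration of the gateway-side logic the article describes (this is not the University of Florida WEW code and does not reproduce the paper's anti-spoof protocol), the following Python sketch counts outbound TCP RST packets per external source, keeps only sources rejected by several distinct internal hosts, alerts when the number of such sources climbs over consecutive time windows, and extracts the port the sources have in common. The 10.0.0.0/8 address space, the packet-record shape, the window length, the thresholds, the growth factor and the sample traffic are all assumptions made for the example.

```python
"""Gateway-side worm early warning from outbound TCP RST packets.

Added illustration only: this is not the University of Florida WEW code.
Assumptions: the monitored "used" address space is 10.0.0.0/8, packets
are given as (ts, src_ip, src_port, dst_ip, dst_port, tcp_flags) tuples,
and the window length, thresholds and growth factor are made up.
"""
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")  # assumed monitored address space


def _internal(ip):
    return ip_address(ip) in INTERNAL


def rst_hits(packets, window):
    """Group outbound RSTs by time window and external destination.

    An RST leaving the gateway means an external host's SYN reached a live
    internal host on a closed port (a failed inbound connection attempt).
    SYNs aimed at unused addresses draw no reply, so they are invisible here.
    Returns {window_index: {external_ip: {(internal_ip, probed_port), ...}}}.
    """
    hits = defaultdict(lambda: defaultdict(set))
    for ts, src, sport, dst, dport, flags in packets:
        if "R" in flags and _internal(src) and not _internal(dst):
            hits[int(ts // window)][dst].add((src, sport))
    return hits


def scan_sources(hits, min_targets=3):
    """External hosts rejected by at least min_targets distinct internal
    hosts within a window; a single stray RST is not a scan."""
    return {
        w: {ext for ext, t in per.items()
            if len({ip for ip, _ in t}) >= min_targets}
        for w, per in hits.items()
    }


def outbreak(sources_by_window, min_windows=3, growth=4.0):
    """Alert when the number of scan sources rises in each of the last
    min_windows windows and the last count is >= growth x the first.
    Returns (alert, per-window counts)."""
    if not sources_by_window:
        return False, []
    first, last = min(sources_by_window), max(sources_by_window)
    counts = [len(sources_by_window.get(w, ())) for w in range(first, last + 1)]
    tail = counts[-min_windows:]
    if len(tail) < min_windows or tail[0] == 0:
        return False, counts
    rising = all(a < b for a, b in zip(tail, tail[1:]))
    return rising and tail[-1] >= growth * tail[0], counts


def common_signature(hits, sources, window, min_share=0.8):
    """Port probed by the largest share of this window's scan sources,
    returned as (port, share) when the share reaches min_share; a worm
    scanning one service makes the sources look alike in this way."""
    if not sources:
        return None
    ports = Counter()
    for ext in sources:
        ports.update({port for _, port in hits[window][ext]})
    port, n = ports.most_common(1)[0]
    share = n / len(sources)
    return (port, share) if share >= min_share else None


def sample_packets(window=60):
    """Constructed packet records, not captured traffic: 1, 2, 5 and 10
    scanners appear in four successive windows, each rejected on TCP/135 by
    three internal hosts, plus benign background noise."""
    pkts, n = [], 0
    for w, count in enumerate([1, 2, 5, 10]):
        for _ in range(count):
            n += 1
            ext = f"198.51.100.{n}"
            for k in range(3):
                pkts.append((w * window + k, f"10.0.0.{10 + k}", 135, ext, 40000 + k, "RA"))
    pkts.append((5, "10.0.0.50", 22, "203.0.113.7", 51000, "RA"))   # one-off reject
    pkts.append((6, "203.0.113.8", 51001, "10.0.0.50", 80, "S"))     # inbound SYN, ignored
    pkts.append((7, "10.0.0.1", 445, "10.0.0.2", 51002, "RA"))       # internal only
    return pkts


def run_demo(window=60):
    hits = rst_hits(sample_packets(window), window)
    sources = scan_sources(hits)
    alert, counts = outbreak(sources)
    last = max(sources)
    return {"counts": counts, "alert": alert,
            "signature": common_signature(hits, sources[last], last)}


if __name__ == "__main__":
    print(run_demo())
```

      On the constructed sample the per-window scan-source counts come out as 1, 2, 5 and 10, which trips the growth alert, and every source in the last window was rejected on port 135, so the common signature is that port. A single external host rejected once by one internal machine is discarded by the distinct-target threshold, and inbound SYNs and internal-to-internal RSTs are never counted. Note that a scanner that only hits unused addresses, or a gateway that silently drops inbound SYNs instead of letting the host answer with a RST, produces nothing for this detector to see.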

      “The goal is to have a system to issue warnings at the very early stages of an attack and to provide information for security analysts to control the damage.”

      Chen said the system can be deployed locally or co-deployed among a group of enterprise networks to provide comprehensive worm-detection capabilities.


      Chen said “honeypots” would be used to capture the attack signatures of the scanning hosts, but conceded that the issue of creating signatures was not fully addressed in the proposal.

      He likened the need for an Internet-worm early warning system to similar mechanisms that deal with real-life disasters like hurricanes, floods and tornadoes.

      “In the Internet world, the damage may not be loss of lives, but it's still very significant,” Chen said. “The network worm is still the number one threat in the enterprise. It costs hundreds of millions of dollars every year to fix compromised machines and clean up from a major attack.”

      “An early warning system gives you some time to take urgent action ahead of worm propagation. Just like with the hurricane warnings, you can learn about the nature of the attack and figure out ways to put defense systems in place before it becomes widespread,” he added.

