Automated Worm Fingerprinting

[ Pobierz całość w formacie PDF ]

ment and Accounting. In Proceedings of the ACM SIGCOMM for the scaled bitmap data structure. Technical Report CS2004-
Conference, Aug. 2002. 0814, CSE Department, UCSD, Dec. 2004.
[11] C. Estan, G. Varghese, and M. Fisk. Bitmap algorithms for count- [37] S. Singh, G. Varghese, C. Estan, and S. Savage. Detecting Pub-
ing active flows on high speed links. In Proceedings of the ACM lic Network Attacks using Signatures and Fast Content Analysis.
Internet Measurement Conference, Oct. 2003. United States Patent Application.
[12] P. Flajolet and G. N. Martin. Probabilistic Counting Algorithms [38] A. C. Snoeren, C. Partridge, C. E. Jones, F. Tchakountio, S. T.
for Data Base Applications. Journal of Computer and System Kent, and W. T. Strayer. Hash-based IP Traceback. In Proceed-
Sciences, 31(2):182 209, Oct. 1985. ings of the ACM SIGCOMM Conference, Aug. 2001.
[13] P. B. Gibbons and Y. Matias. New Sampling-based Summary [39] E. Spafford. The Internet Worm: Crisis and Aftermath. Commu-
Statistics for Improving Approximate Query Answers. In Pro- nications of the ACM, 32(6):678 687, June 1989.
ceedings of the ACM SIGMOD Conference, June 1998. [40] N. T. Spring and D. Wetherall. A protocol-independent technique
[14] M. Handley, V. Paxson, and C. Kreibich. Network Intrusion De- for eliminating redundant network traffic. In Proceedings of the
tection: Evasion, Traffic Normalization and End-to-End Protocol ACM SIGOMM Conference, Aug. 2000.
Semantics. In Proceedings of the USENIX Security Symposium, [41] S. Staniford. Containment of Scanning Worms in Enterprise Net-
Aug. 2001. works. to appear in the Journal of Computer Security, 2004.
[15] J. O. Kephart and W. C. Arnold. Automatic extraction of com- [42] S. Staniford, V. Paxson, and N. Weaver. How to 0wn the Inter-
puter virus signatures. In Proceedings of the 4th International net in Your Spare Time. In Proceedings of the USENIX Security
Virus Bulletin Conference, Sept. 1994. Symposium, Aug. 2002.
[16] K.-A. Kim and B. Karp. Autograph: Toward Automated [43] J. Twycross and M. M. Williamson. Implementing and Testing a
Distributed Worm Signature Detection. In Proceedings of Virus Throttle. In Proceedings of the USENIX Security Sympo-
the USENIX Security Symposium, Aug. 2004. sium, Aug. 2003.
[17] C. Kreibich and J. Crowcroft. Honeycomb Creating Intru- [44] H. J. Wang, C. Guo, D. R. Simon, and A. Zugenmaier. Shield:
sion Detection Signatures Using Honeypots. In Proceedings of Vulnerability-Driven Network Filters for Preventing Known Vul-
the USENIX/ACM Workshop on Hot Topics in Networking, Nov. nerability Exploits. In Proceedings of the ACM SIGCOMM Con-
2003. ference, Aug. 2004.
[18] J. Levin, R. LaBella, H. Owen, D. Contis, and B. Culver. The [45] N. Weaver. Personal communication, 2002.
Use of Honeynets to Detect Exploited Systems Across Large En- [46] K.-Y. Whang, B. T. Vander-Zanden, and H. M. Taylor. A Linear-
terprise Networks. In Proceedings of the 2003 IEEE Workshop Time Probabilistic Counting Algorithm for Database Applica-
on Information Assurance, June 2003. tions. ACM Transactions on Database Systems, 15(2):208 229,
[19] J. W. Lockwood, J. Moscola, M. Kulig, D. Reddick, and 1990.
T. Brooks. Internet worm and virus protection in dynamically [ Pobierz całość w formacie PDF ]

Archiwum

Cytat