A Network Worm Vaccine Architecture

Sidiroglou, Stelios; Keromytis, Angelos D.

The ability of worms to spread at rates that effectively preclude human-directed reaction has elevated them to a first-class security threat to distributed systems. We present the first reaction mechanism that seeks to automatically patch vulnerable software. Our system employs a collection of sensors that detect and capture potential worm infection vectors. We automatically test the effects of these vectors on appropriately instrumented sandboxed instances of the targeted application, trying to identify the exploited software weakness. Our heuristics allow us to automatically generate patches that can protect against certain classes of attack, and test the resistance of the patched application against the infection vector. We describe our system architecture, discuss the various components, and propose directions for future research.



Also Published In

Twelfth IEEE International Workshops on Enabling Technologies Infrastructure for Collaborative Enterprises: WET ICE 2003: proceedings: June 9-11, 2003: Johannes Kepler University of Linz, Austria
IEEE Computer Society

More About This Work

Academic Units
Computer Science
Published Here
July 12, 2012