
A Hybrid Quarantine Defense

Since I'm at WORM05 today, I figured I'd post a paper from WORM04. Having worked on a quarantine approach in a commercial solution, it's interesting to me to look at other approaches. This one, as the title suggests, combines approaches and models the results. An interesting study, although a shorter paper.
We study the strengths, weaknesses, and potential synergies of two complementary worm quarantine defense strategies under various worm attack profiles. We observe their abilities to delay or suppress infection growth rates under two propagation techniques and three scan rates, and explore the potential synergies in combining these two complementary quarantine strategies. We compare the performance of the individual strategies against a hybrid combination strategy, and conclude that the hybrid strategy yields substantial performance improvements, beyond what either technique provides independently. This result offers potential new directions in hybrid quarantine defenses.
Source: A Hybrid Quarantine Defense, Phillip Porras, Linda Briesemeister, Keith Skinner, Karl Levitt, Jeff Rowe, Yu-Cheng Allen Ting.

November 11, 2005 in defense, modeling, papers | Permalink
