Journal ArticleDOI
Inside the Slammer worm
David Moore,Vern Paxson,Stefan Savage,Colleen Shannon,Stuart Staniford,Nicholas Weaver +5 more
- Vol. 1, Iss: 4, pp 33-39
TLDR
The Slammer worm spread so quickly that human response was ineffective, and why was it so effective and what new challenges do this new breed of worm pose?Abstract:
The Slammer worm spread so quickly that human response was ineffective. In January 2003, it packed a benign payload, but its disruptive capacity was surprising. Why was it so effective and what new challenges do this new breed of worm pose?.read more
Citations
More filters
Journal ArticleDOI
Identifying Propagation Sources in Networks: State-of-the-Art and Comparative Studies
TL;DR: The state-of-the-art in source identification techniques is reviewed and the pros and cons of current methods in this field are discussed and a series of experiments and comparisons based on various environment settings are provided.
Proceedings ArticleDOI
Operational experiences with high-volume network intrusion detection
TL;DR: This paper identifies and explores key factors with respect to resource management and efficient packet processing and highlight their impact using a set of real-world traces to gauge the trade-offs of tuning a NIDS.
Network Telescopes: Technical Report
TL;DR: The relationship between the size of the network telescope and its ability to detect network events is studied, its precision in determining event duration and rate is characterized, and practical considerations in the deployment of network telescopes are discussed.
Proceedings ArticleDOI
Loop-extended symbolic execution on binary programs
TL;DR: Loop-extended symbolic execution as discussed by the authors introduces symbolic variables for the number of times each loop executes, and links these with features of a known input grammar such as variable-length or repeating fields.
Proceedings ArticleDOI
RRE: A game-theoretic intrusion Response and Recovery Engine
TL;DR: The response and recovery engine (RRE) employs a game-theoretic response strategy against adversaries modeled as opponents in a two-player Stackelberg stochastic game to protect large networks for which attack-response trees have more than 500 nodes.
References
More filters
Proceedings Article
Inferring internet denial-of-service activity
TL;DR: This article presents a new technique, called “backscatter analysis,” that provides a conservative estimate of worldwide denial-of-service activity, and believes it is the first to provide quantitative estimates of Internet-wide denial- of- service activity.
Proceedings Article
How to Own the Internet in Your Spare Time
TL;DR: This work develops and evaluates several new, highly virulent possible techniques: hit-list scanning, permutation scanning, self-coordinating scanning, and use of Internet-sized hit-lists (which creates a flash worm).
Proceedings ArticleDOI
Code-Red: a case study on the spread and victims of an internet worm
TL;DR: The experience of the Code-Red worm demonstrates that wide-spread vulnerabilities in Internet hosts can be exploited quickly and dramatically, and that techniques other than host patching are required to mitigate Internet worms.
Proceedings ArticleDOI
Internet quarantine: requirements for containing self-propagating code
TL;DR: The design space of worm containment systems is described using three key parameters - reaction time, containment strategy and deployment scenario - and the lower bounds that any such system must exceed to be useful today are demonstrated.
Journal ArticleDOI
Inferring Internet denial-of-service activity
TL;DR: In this paper, the authors present a new technique, called backscatter analysis, that provides a conservative estimate of worldwide denial-of-service activity, and quantitatively assess the number, duration and focus of attacks, and qualitatively characterize their behavior.