A Reputation-based System for the Quarantine of Random Scanning Worms


Scott E. Coull

Boleslaw K. Szymanski

The Internet infrastructure, which has become so critical in our everyday lives, needs automated protection from worm attacks. We propose a system that uses the ideas of reputation and recommendation to effectively quarantine random scanning worms on the Internet. A trust model, based on the passing of recommendations among participating autonomous systems, is used to modulate a localized reputation value that indicates the notoriety, or disrepute, of the attacker. This allows us to enact localized blocking of worm traffic commensurate with the notoriety of the attacker, eventually leading to a global blocking strategy for globally notorious attackers. Unlike previous attempts at collaborative worm containment, our approach’s reliance on a trust model provides resilience to Byzantine failures and allows it to be used within the Internet at large, rather than restricting it to enterprise networks within a single administrative domain. Using simulations, we demonstrate that our reputation-based system is capable of quickly quarantining worms that are many orders of magnitude more virulent than worms released into the Internet thus far. We also discuss the possible uses of the system in quarantining other types of malicious behavior, such as spam and viruses, which have wide-reaching global effects.

Department of Computer Science, Rensselaer Polytechnic Institute, Troy, NY

cs-05-01