Abstract
The identification of vulnerable hosts and subsequent deployment of mitigation mechanisms such as service disabling or installation of patches is both time-critical and error-prone. This is in part owing to the fact that malicious worms can rapidly scan networks for vulnerable hosts, but is further exacerbated by the fact that network topologies are becoming more fluid and vulnerable hosts may only be visible intermittently for environments such as virtual machines or wireless edge networks. In this paper we therefore describe and evaluate an agent-based mechanism which uses the spanning tree protocol (STP) to gain knowledge of the underlying network topology to allow both rapid and resource-efficient traversal of the network by agents as well as residual scanning and mitigation techniques on edge nodes. We report performance results, comparing the mechanism against a random scanning worm and demonstrating that network immunity can be largely achieved despite a very limited warning interval. We also discuss mechanisms to protect the agent mechanism against subversion, noting that similar approaches are also increasingly deployed in case of malicious code.
Original language | English |
---|---|
Title of host publication | ARES '10 International Conference on Availability, Reliability, and Security |
Publisher | IEEE Computer Society Press |
Pages | 549-554 |
ISBN (Print) | 978-1-4244-5879-0 |
DOIs | |
Publication status | Published - 15 Feb 2010 |