Security and Performance Aspects of an Agent-Based Link-Layer Vulnerability Discovery Mechanism. / Al-Salloum, Ziyad; Wolthusen, Stephen D.

ARES '10 International Conference on Availability, Reliability, and Security. IEEE Computer Society Press, 2010. p. 549-554.

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

Published

Harvard

Al-Salloum, Z & Wolthusen, SD 2010, Security and Performance Aspects of an Agent-Based Link-Layer Vulnerability Discovery Mechanism. in ARES '10 International Conference on Availability, Reliability, and Security. IEEE Computer Society Press, pp. 549-554. https://doi.org/10.1109/ARES.2010.24

APA

Al-Salloum, Z., & Wolthusen, S. D. (2010). Security and Performance Aspects of an Agent-Based Link-Layer Vulnerability Discovery Mechanism. In ARES '10 International Conference on Availability, Reliability, and Security (pp. 549-554). IEEE Computer Society Press. https://doi.org/10.1109/ARES.2010.24

Vancouver

Al-Salloum Z, Wolthusen SD. Security and Performance Aspects of an Agent-Based Link-Layer Vulnerability Discovery Mechanism. In ARES '10 International Conference on Availability, Reliability, and Security. IEEE Computer Society Press. 2010. p. 549-554 https://doi.org/10.1109/ARES.2010.24

Author

Al-Salloum, Ziyad ; Wolthusen, Stephen D. / Security and Performance Aspects of an Agent-Based Link-Layer Vulnerability Discovery Mechanism. ARES '10 International Conference on Availability, Reliability, and Security. IEEE Computer Society Press, 2010. pp. 549-554

BibTeX

@inproceedings{2ede023a987142e698cfda5e92beb6da,
title = "Security and Performance Aspects of an Agent-Based Link-Layer Vulnerability Discovery Mechanism",
abstract = "The identification of vulnerable hosts and subsequent deployment of mitigation mechanisms such as service disabling or installation of patches is both time-critical and error-prone. This is in part owing to the fact that malicious worms can rapidly scan networks for vulnerable hosts, but is further exacerbated by the fact that network topologies are becoming more fluid and vulnerable hosts may only be visible intermittently for environments such as virtual machines or wireless edge networks. In this paper we therefore describe and evaluate an agent-based mechanism which uses the spanning tree protocol (STP) to gain knowledge of the underlying network topology to allow both rapid and resource-efficient traversal of the network by agents as well as residual scanning and mitigation techniques on edge nodes. We report performance results, comparing the mechanism against a random scanning worm and demonstrating that network immunity can be largely achieved despite a very limited warning interval. We also discuss mechanisms to protect the agent mechanism against subversion, noting that similar approaches are also increasingly deployed in case of malicious code.",
author = "Ziyad Al-Salloum and Wolthusen, {Stephen D.}",
year = "2010",
month = feb,
day = "15",
doi = "10.1109/ARES.2010.24",
language = "English",
isbn = "978-1-4244-5879-0",
pages = "549--554",
booktitle = "ARES '10 International Conference on Availability, Reliability, and Security",
publisher = "IEEE Computer Society Press",

}

RIS

TY - GEN

T1 - Security and Performance Aspects of an Agent-Based Link-Layer Vulnerability Discovery Mechanism

AU - Al-Salloum, Ziyad

AU - Wolthusen, Stephen D.

PY - 2010/2/15

Y1 - 2010/2/15

N2 - The identification of vulnerable hosts and subsequent deployment of mitigation mechanisms such as service disabling or installation of patches is both time-critical and error-prone. This is in part owing to the fact that malicious worms can rapidly scan networks for vulnerable hosts, but is further exacerbated by the fact that network topologies are becoming more fluid and vulnerable hosts may only be visible intermittently for environments such as virtual machines or wireless edge networks. In this paper we therefore describe and evaluate an agent-based mechanism which uses the spanning tree protocol (STP) to gain knowledge of the underlying network topology to allow both rapid and resource-efficient traversal of the network by agents as well as residual scanning and mitigation techniques on edge nodes. We report performance results, comparing the mechanism against a random scanning worm and demonstrating that network immunity can be largely achieved despite a very limited warning interval. We also discuss mechanisms to protect the agent mechanism against subversion, noting that similar approaches are also increasingly deployed in case of malicious code.

AB - The identification of vulnerable hosts and subsequent deployment of mitigation mechanisms such as service disabling or installation of patches is both time-critical and error-prone. This is in part owing to the fact that malicious worms can rapidly scan networks for vulnerable hosts, but is further exacerbated by the fact that network topologies are becoming more fluid and vulnerable hosts may only be visible intermittently for environments such as virtual machines or wireless edge networks. In this paper we therefore describe and evaluate an agent-based mechanism which uses the spanning tree protocol (STP) to gain knowledge of the underlying network topology to allow both rapid and resource-efficient traversal of the network by agents as well as residual scanning and mitigation techniques on edge nodes. We report performance results, comparing the mechanism against a random scanning worm and demonstrating that network immunity can be largely achieved despite a very limited warning interval. We also discuss mechanisms to protect the agent mechanism against subversion, noting that similar approaches are also increasingly deployed in case of malicious code.

U2 - 10.1109/ARES.2010.24

DO - 10.1109/ARES.2010.24

M3 - Conference contribution

SN - 978-1-4244-5879-0

SP - 549

EP - 554

BT - ARES '10 International Conference on Availability, Reliability, and Security

PB - IEEE Computer Society Press

ER -