Resilience Strategies for Networked Malware Detection and Remediation


Ontology type: schema:Chapter     


Chapter Info

DATE

2012

AUTHORS

Yue Yu , Michael Fry , Bernhard Plattner , Paul Smith , Alberto Schaeffer-Filho

ABSTRACT

Network propagated malware such as worms are a potentially serious threat, since they can infect and damage a large number of vulnerable hosts at timescales in which human reaction is unlikely to be effective. Research on worm detection has produced many approaches to identifying them. A common approach is to identify a worm’s signature. However, as worms continue to evolve, this method is incapable of detecting and mitigating new worms in real time. In this paper, we propose a novel resilience strategy for the detection and remediation of networked malware based on progressive, multi-stage deployment of resilience mechanisms. Our strategy monitors various traffic features to detect the early onset of an attack, and then applies further mechanisms to progressively identify the attack and apply remediation to protect the network. Our strategy can be adapted to detect known attacks such as worms, and also to provide some level of remediation for new, unknown attacks. Advantages of our approach are demonstrated via simulation of various types of worm attack on an Autonomous System infrastructure. Our strategy is flexible and adaptable, and we show how it can be extended to identify and remediate network challenges other than worms.

PAGES

233-247

Identifiers

URI

http://scigraph.springernature.com/pub.10.1007/978-3-642-34601-9_18

DOI

http://dx.doi.org/10.1007/978-3-642-34601-9_18

DIMENSIONS

https://app.dimensions.ai/details/publication/pub.1030249870



JSON-LD is the canonical representation for SciGraph data.


[
  {
    "@context": "https://springernature.github.io/scigraph/jsonld/sgcontext.json", 
    "about": [
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/08", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Information and Computing Sciences", 
        "type": "DefinedTerm"
      }, 
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/0801", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Artificial Intelligence and Image Processing", 
        "type": "DefinedTerm"
      }
    ], 
    "author": [
      {
        "affiliation": {
          "alternateName": "School of Information Technologies, University of Sydney, Australia", 
          "id": "http://www.grid.ac/institutes/grid.1013.3", 
          "name": [
            "School of Information Technologies, University of Sydney, Australia"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Yu", 
        "givenName": "Yue", 
        "id": "sg:person.010423752343.04", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.010423752343.04"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "School of Information Technologies, University of Sydney, Australia", 
          "id": "http://www.grid.ac/institutes/grid.1013.3", 
          "name": [
            "School of Information Technologies, University of Sydney, Australia"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Fry", 
        "givenName": "Michael", 
        "id": "sg:person.014127665351.33", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.014127665351.33"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "Computer Engineering and Networks Laboratory, ETH Zurich, Switzerland", 
          "id": "http://www.grid.ac/institutes/grid.5801.c", 
          "name": [
            "Computer Engineering and Networks Laboratory, ETH Zurich, Switzerland"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Plattner", 
        "givenName": "Bernhard", 
        "id": "sg:person.014505216753.38", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.014505216753.38"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "Safety and Security Department, AIT Austrian Institute of Technology, Austria", 
          "id": "http://www.grid.ac/institutes/grid.4332.6", 
          "name": [
            "Safety and Security Department, AIT Austrian Institute of Technology, Austria"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Smith", 
        "givenName": "Paul", 
        "id": "sg:person.015112647531.58", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.015112647531.58"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "School of Computing and Communications, Lancaster University, UK", 
          "id": "http://www.grid.ac/institutes/grid.9835.7", 
          "name": [
            "School of Computing and Communications, Lancaster University, UK"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Schaeffer-Filho", 
        "givenName": "Alberto", 
        "id": "sg:person.016661106103.79", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.016661106103.79"
        ], 
        "type": "Person"
      }
    ], 
    "datePublished": "2012", 
    "datePublishedReg": "2012-01-01", 
    "description": "Network propagated malware such as worms are a potentially serious threat, since they can infect and damage a large number of vulnerable hosts at timescales in which human reaction is unlikely to be effective. Research on worm detection has produced many approaches to identifying them. A common approach is to identify a worm\u2019s signature. However, as worms continue to evolve, this method is incapable of detecting and mitigating new worms in real time. In this paper, we propose a novel resilience strategy for the detection and remediation of networked malware based on progressive, multi-stage deployment of resilience mechanisms. Our strategy monitors various traffic features to detect the early onset of an attack, and then applies further mechanisms to progressively identify the attack and apply remediation to protect the network. Our strategy can be adapted to detect known attacks such as worms, and also to provide some level of remediation for new, unknown attacks. Advantages of our approach are demonstrated via simulation of various types of worm attack on an Autonomous System infrastructure. Our strategy is flexible and adaptable, and we show how it can be extended to identify and remediate network challenges other than worms.", 
    "editor": [
      {
        "familyName": "Xu", 
        "givenName": "Li", 
        "type": "Person"
      }, 
      {
        "familyName": "Bertino", 
        "givenName": "Elisa", 
        "type": "Person"
      }, 
      {
        "familyName": "Mu", 
        "givenName": "Yi", 
        "type": "Person"
      }
    ], 
    "genre": "chapter", 
    "id": "sg:pub.10.1007/978-3-642-34601-9_18", 
    "inLanguage": "en", 
    "isAccessibleForFree": false, 
    "isPartOf": {
      "isbn": [
        "978-3-642-34600-2", 
        "978-3-642-34601-9"
      ], 
      "name": "Network and System Security", 
      "type": "Book"
    }, 
    "keywords": [
      "multi-stage deployment", 
      "network challenges", 
      "worm detection", 
      "worm signatures", 
      "worm attacks", 
      "unknown attacks", 
      "traffic features", 
      "new worms", 
      "remediation", 
      "network", 
      "real time", 
      "malware detection", 
      "detection", 
      "system infrastructure", 
      "malware", 
      "vulnerable hosts", 
      "resilience mechanisms", 
      "deployment", 
      "attacks", 
      "common approach", 
      "serious threat", 
      "human reactions", 
      "infrastructure", 
      "level of remediation", 
      "large number", 
      "strategies", 
      "advantages", 
      "resilience strategies", 
      "challenges", 
      "approach", 
      "paper", 
      "reaction", 
      "simulations", 
      "method", 
      "mechanism", 
      "features", 
      "signatures", 
      "threat", 
      "host", 
      "worms", 
      "time", 
      "research", 
      "early onset", 
      "number", 
      "types", 
      "further mechanism", 
      "levels", 
      "onset", 
      "timescales"
    ], 
    "name": "Resilience Strategies for Networked Malware Detection and Remediation", 
    "pagination": "233-247", 
    "productId": [
      {
        "name": "dimensions_id", 
        "type": "PropertyValue", 
        "value": [
          "pub.1030249870"
        ]
      }, 
      {
        "name": "doi", 
        "type": "PropertyValue", 
        "value": [
          "10.1007/978-3-642-34601-9_18"
        ]
      }
    ], 
    "publisher": {
      "name": "Springer Nature", 
      "type": "Organisation"
    }, 
    "sameAs": [
      "https://doi.org/10.1007/978-3-642-34601-9_18", 
      "https://app.dimensions.ai/details/publication/pub.1030249870"
    ], 
    "sdDataset": "chapters", 
    "sdDatePublished": "2022-06-01T22:34", 
    "sdLicense": "https://scigraph.springernature.com/explorer/license/", 
    "sdPublisher": {
      "name": "Springer Nature - SN SciGraph project", 
      "type": "Organization"
    }, 
    "sdSource": "s3://com-springernature-scigraph/baseset/20220601/entities/gbq_results/chapter/chapter_404.jsonl", 
    "type": "Chapter", 
    "url": "https://doi.org/10.1007/978-3-642-34601-9_18"
  }
]

HOW TO GET THIS DATA PROGRAMMATICALLY:

JSON-LD is a popular format for linked data which is fully compatible with JSON.

curl -H 'Accept: application/ld+json' 'https://scigraph.springernature.com/pub.10.1007/978-3-642-34601-9_18'

N-Triples is a line-based linked data format ideal for batch operations.

curl -H 'Accept: application/n-triples' 'https://scigraph.springernature.com/pub.10.1007/978-3-642-34601-9_18'

Turtle is a human-readable linked data format.

curl -H 'Accept: text/turtle' 'https://scigraph.springernature.com/pub.10.1007/978-3-642-34601-9_18'

RDF/XML is a standard XML format for linked data.

curl -H 'Accept: application/rdf+xml' 'https://scigraph.springernature.com/pub.10.1007/978-3-642-34601-9_18'


 

This table displays all metadata directly associated to this object as RDF triples.

156 TRIPLES      23 PREDICATES      75 URIs      68 LITERALS      7 BLANK NODES

Subject Predicate Object
1 sg:pub.10.1007/978-3-642-34601-9_18 schema:about anzsrc-for:08
2 anzsrc-for:0801
3 schema:author N952b51353a2e4ed4b0ca17e8f6b01b8b
4 schema:datePublished 2012
5 schema:datePublishedReg 2012-01-01
6 schema:description Network propagated malware such as worms are a potentially serious threat, since they can infect and damage a large number of vulnerable hosts at timescales in which human reaction is unlikely to be effective. Research on worm detection has produced many approaches to identifying them. A common approach is to identify a worm’s signature. However, as worms continue to evolve, this method is incapable of detecting and mitigating new worms in real time. In this paper, we propose a novel resilience strategy for the detection and remediation of networked malware based on progressive, multi-stage deployment of resilience mechanisms. Our strategy monitors various traffic features to detect the early onset of an attack, and then applies further mechanisms to progressively identify the attack and apply remediation to protect the network. Our strategy can be adapted to detect known attacks such as worms, and also to provide some level of remediation for new, unknown attacks. Advantages of our approach are demonstrated via simulation of various types of worm attack on an Autonomous System infrastructure. Our strategy is flexible and adaptable, and we show how it can be extended to identify and remediate network challenges other than worms.
7 schema:editor Nf93080fea33e4a3b82f528910fa5e483
8 schema:genre chapter
9 schema:inLanguage en
10 schema:isAccessibleForFree false
11 schema:isPartOf Nb6e83c92abec4293b736b968f703ff21
12 schema:keywords advantages
13 approach
14 attacks
15 challenges
16 common approach
17 deployment
18 detection
19 early onset
20 features
21 further mechanism
22 host
23 human reactions
24 infrastructure
25 large number
26 level of remediation
27 levels
28 malware
29 malware detection
30 mechanism
31 method
32 multi-stage deployment
33 network
34 network challenges
35 new worms
36 number
37 onset
38 paper
39 reaction
40 real time
41 remediation
42 research
43 resilience mechanisms
44 resilience strategies
45 serious threat
46 signatures
47 simulations
48 strategies
49 system infrastructure
50 threat
51 time
52 timescales
53 traffic features
54 types
55 unknown attacks
56 vulnerable hosts
57 worm attacks
58 worm detection
59 worm signatures
60 worms
61 schema:name Resilience Strategies for Networked Malware Detection and Remediation
62 schema:pagination 233-247
63 schema:productId N73a8bec1201b4ca0a20a271d0ab798cf
64 Nc9c57391898e42aa9bb0590d5f3829eb
65 schema:publisher N0d93e21c72d14b5ba81d9505afc6a13e
66 schema:sameAs https://app.dimensions.ai/details/publication/pub.1030249870
67 https://doi.org/10.1007/978-3-642-34601-9_18
68 schema:sdDatePublished 2022-06-01T22:34
69 schema:sdLicense https://scigraph.springernature.com/explorer/license/
70 schema:sdPublisher N07893b4ab11a47a1ad431dda2e5401a5
71 schema:url https://doi.org/10.1007/978-3-642-34601-9_18
72 sgo:license sg:explorer/license/
73 sgo:sdDataset chapters
74 rdf:type schema:Chapter
75 N0721e406da8249ff9e59dcce066b7650 schema:familyName Xu
76 schema:givenName Li
77 rdf:type schema:Person
78 N07893b4ab11a47a1ad431dda2e5401a5 schema:name Springer Nature - SN SciGraph project
79 rdf:type schema:Organization
80 N0d93e21c72d14b5ba81d9505afc6a13e schema:name Springer Nature
81 rdf:type schema:Organisation
82 N136200e64bce4be2b336ddd7ebaea2ee rdf:first N92dd756e60024c8f97062cd3e3f8946f
83 rdf:rest N545e97f935094d4e9c5357fc47b5002a
84 N2d583d50561d4497a2501c08681234ef rdf:first sg:person.015112647531.58
85 rdf:rest Nd9441cff27d3440a94260ecd9cf79af7
86 N545e97f935094d4e9c5357fc47b5002a rdf:first N54999f1de78c4fa591f4e20a9e7023b9
87 rdf:rest rdf:nil
88 N54999f1de78c4fa591f4e20a9e7023b9 schema:familyName Mu
89 schema:givenName Yi
90 rdf:type schema:Person
91 N73a8bec1201b4ca0a20a271d0ab798cf schema:name dimensions_id
92 schema:value pub.1030249870
93 rdf:type schema:PropertyValue
94 N79212d3ae6f14f2797ab170c40beebe4 rdf:first sg:person.014127665351.33
95 rdf:rest Nc402459d7ee449c7bdb6b968476b32a5
96 N92dd756e60024c8f97062cd3e3f8946f schema:familyName Bertino
97 schema:givenName Elisa
98 rdf:type schema:Person
99 N952b51353a2e4ed4b0ca17e8f6b01b8b rdf:first sg:person.010423752343.04
100 rdf:rest N79212d3ae6f14f2797ab170c40beebe4
101 Nb6e83c92abec4293b736b968f703ff21 schema:isbn 978-3-642-34600-2
102 978-3-642-34601-9
103 schema:name Network and System Security
104 rdf:type schema:Book
105 Nc402459d7ee449c7bdb6b968476b32a5 rdf:first sg:person.014505216753.38
106 rdf:rest N2d583d50561d4497a2501c08681234ef
107 Nc9c57391898e42aa9bb0590d5f3829eb schema:name doi
108 schema:value 10.1007/978-3-642-34601-9_18
109 rdf:type schema:PropertyValue
110 Nd9441cff27d3440a94260ecd9cf79af7 rdf:first sg:person.016661106103.79
111 rdf:rest rdf:nil
112 Nf93080fea33e4a3b82f528910fa5e483 rdf:first N0721e406da8249ff9e59dcce066b7650
113 rdf:rest N136200e64bce4be2b336ddd7ebaea2ee
114 anzsrc-for:08 schema:inDefinedTermSet anzsrc-for:
115 schema:name Information and Computing Sciences
116 rdf:type schema:DefinedTerm
117 anzsrc-for:0801 schema:inDefinedTermSet anzsrc-for:
118 schema:name Artificial Intelligence and Image Processing
119 rdf:type schema:DefinedTerm
120 sg:person.010423752343.04 schema:affiliation grid-institutes:grid.1013.3
121 schema:familyName Yu
122 schema:givenName Yue
123 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.010423752343.04
124 rdf:type schema:Person
125 sg:person.014127665351.33 schema:affiliation grid-institutes:grid.1013.3
126 schema:familyName Fry
127 schema:givenName Michael
128 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.014127665351.33
129 rdf:type schema:Person
130 sg:person.014505216753.38 schema:affiliation grid-institutes:grid.5801.c
131 schema:familyName Plattner
132 schema:givenName Bernhard
133 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.014505216753.38
134 rdf:type schema:Person
135 sg:person.015112647531.58 schema:affiliation grid-institutes:grid.4332.6
136 schema:familyName Smith
137 schema:givenName Paul
138 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.015112647531.58
139 rdf:type schema:Person
140 sg:person.016661106103.79 schema:affiliation grid-institutes:grid.9835.7
141 schema:familyName Schaeffer-Filho
142 schema:givenName Alberto
143 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.016661106103.79
144 rdf:type schema:Person
145 grid-institutes:grid.1013.3 schema:alternateName School of Information Technologies, University of Sydney, Australia
146 schema:name School of Information Technologies, University of Sydney, Australia
147 rdf:type schema:Organization
148 grid-institutes:grid.4332.6 schema:alternateName Safety and Security Department, AIT Austrian Institute of Technology, Austria
149 schema:name Safety and Security Department, AIT Austrian Institute of Technology, Austria
150 rdf:type schema:Organization
151 grid-institutes:grid.5801.c schema:alternateName Computer Engineering and Networks Laboratory, ETH Zurich, Switzerland
152 schema:name Computer Engineering and Networks Laboratory, ETH Zurich, Switzerland
153 rdf:type schema:Organization
154 grid-institutes:grid.9835.7 schema:alternateName School of Computing and Communications, Lancaster University, UK
155 schema:name School of Computing and Communications, Lancaster University, UK
156 rdf:type schema:Organization
...