Title Fast Worm Containment Using Feedback Control
Publication Type Journal Article
Year of Publication 2007
Authors Dantu, R, Cangussu, J, Patwardhan, S
Journal IEEE Transactions on Dependable and Secure Computing
Volume 4
Pagination 119 - 136
Keywords communication/networking and information technology, computer networks, Computer systems organization, control engineering computing, general, invasive software, network security, network-level security and protection, PI control, process control systems, proportional-integral controller, special-purpose and application-based systems, state feedback, state-space feedback control, state-space methods, telecommunication security, worm containment
Abstract

In a computer network, network security is accomplished using elements such as firewalls, hosts, servers, routers, intrusion detection systems, and honey pots. These network elements need to know the nature or anomaly of the worm a priori to detect the attack. Modern viruses such as Code Red, Sapphire, and Nimda spread quickly. Therefore, it is impractical if not impossible for human mediated responses to these fast-spreading viruses. Several epidemic studies show that automatic tracking of resource usage and control provides an effective method to contain the damage. In this paper, we propose a novel security architecture based on the control system theory. In particular, we describe a state-space feedback control model that detects and controls the spread of these viruses or worms by measuring the velocity of the number of new connections an infected host makes. The mechanism's objective is to slow down a worm's spreading velocity by controlling (delaying) the number of new connections made by an infected host. A proportional and integral (PI) controller is used for a continuous control of the feedback loop. The approach proposed here has been verified in a laboratory setup, and we were able to contain the infection so that it affected less than 5 percent of the hosts. We have also implemented a protocol for exchanging control-specific information between the network elements. The results from the simulation and experimental setup combined with the sensitivity analysis demonstrate the applicability and accuracy of the approach.

DOI 10.1109/TDSC.2007.1002
