Maximize
Bookmark

VX Heavens

Library Collection Sources Engines Constructors Simulators Utilities Links Forum

Implementing and testing a virus throttle

Jamie Twycross, Matthew Williamson
Proceedings of the 12th USENIX Security Symposium, August 4-8, 2003, Washington, DC, USA
May 2003

2
PDFDownload PDF (136.83Kb) (You need to be registered on forum)
[Back to index] [Comments (0)]

Abstract

In this paper we build on previous theoretical work and describe the implementation and testing of a virus throttle - a program, based on a new approach, that is able to substantially reduce the spread of and hence damage caused by mobile code such as worms and viruses. Our approach is different from current, signature-based anti-virus paradigms in that it identifies potential viruses based on their network behaviour and, instead of preventing such programs from entering a system, seeks to prevent them from leaving. The results presented here show that such an approach is effective in stopping the spread of a real worm, W32/Nimda-D, in under a second, as well as several different configurations of a test worm.

[Read the article]

deenesitfrplruua