Author

Thomas Tufts

Abstract

The goal of this research was to create a network-based malware quarantine system and test its effect on the speed of worm propagation across a virtual network. Worms that spread in epidemic ways cause a large amount of financial and digital damage to the average Internet user while posing threats to the infrastructure of the Internet. This impact on consumers and the Internet as a whole can be significantly reduced through the implementation of a quarantine system at the network level. The quarantine system tested combined a network-based vulnerability scanner, a Network Intrusion Detection System (NIDS), and a custom-written control system to detect malware behavior on a network and segregate potentially compromised hosts from other hosts, with the intention of slowing the propagation of a network worm. A virtual test environment was used to track the propagation of a custom-written worm as it spread to virtualized test machines. Before each test, the network was cleared of malware, and the speed of propagation was documented. This data was analyzed to determine the most effective configuration that would still maintain network usability. After testing four variants of the custom worm with four different variations on the quarantine system configuration, the spread data and quarantine system logs were analyzed, showing that the quarantine was in fact very effective against the spread and was able to slow or stop it in almost all simulations.

Library of Congress Subject Headings

Computer networks--Security measures; Intrusion detection systems (Computer security); Malware (Computer software)--Prevention; Computer viruses--Prevention

Publication Date

2-2-2011

Document Type

Thesis

Student Type

Graduate

Degree Name

Computing Security (MS)

Department, Program, or Center

Department of Computing Security (GCCIS)

Advisor

Bo Yuan

Advisor/Committee Member

Daryl Johnson

Advisor/Committee Member

William Stackpole

Comments

Physical copy available from RIT's Wallace Library at TK5105.59 .T84 2011

Campus

RIT – Main Campus

Plan Codes

COMPSEC-MS
