This goal of this research was to create a network-based malware quarantine system and test the effectiveness of it on the speed of worm propagation across a virtual network. Worms that spread in epidemic ways cause a large amount of financial and digital damage to the average Internet user while posing threats to the infrastructure of the Internet. This impact on consumers and the Internet as a whole can be significantly reduced through the implementation of a quarantine system at the network level. The quarantine system tested combined a network based vulnerability scanner, a Network Intrusion Detection System (NIDS), and a custom written control system to detect malware behavior on a network, and segregate those potentially compromised hosts from other hosts, with the intention of slowing the propagation of a network worm. A virtual test environment was used to track the propagation of a custom written worm as it spread to virtualized test machines. Before each test, the network was cleared of malware and the speed of propagation was documented. This data was analyzed to determine the most effective configuration that will still maintain network usability. After testing four variants of the custom worm with four different variations on the quarantine system configuration the spread data and quarantine system logs were analyzed to determine that the quarantine was in fact very effective against the spread and was able to slow or stop it in almost all simulations.
Library of Congress Subject Headings
Computer networks--Security measures; Intrusion detection systems (Computer security); Malware (Computer software)--Prevention; Computer viruses--Prevention
Computing Security (MS)
Department, Program, or Center
Department of Computing Security (GCCIS)
Tufts, Thomas, "Network Based Malware Defense" (2011). Thesis. Rochester Institute of Technology. Accessed from
RIT – Main Campus