Malware defense using network security authentication

Third IEEE International Workshop on Information Assurance (IWIA'05) Pub Date : 2005-03-23 DOI:10.1109/IWIA.2005.11

Joseph V. Antrosio, E. Fulp

{"title":"Malware defense using network security authentication","authors":"Joseph V. Antrosio, E. Fulp","doi":"10.1109/IWIA.2005.11","DOIUrl":null,"url":null,"abstract":"Malware defenses have primarily relied upon intrusion fingerprints to detect suspicious network behavior. While effective for discovering computers that are already compromised, these systems are not designed to stop the spread or damage of malware. Standard gateway firewalls can prevent outside-based attacks; however, they are ineffective in a mobile network where threats originate from inside and administrators have limited control over client machines. This paper introduces a new strategy for malware defense using security authentication which focuses on vulnerabilities rather than exploits. The proposed system uses a remote security scanner to check for vulnerabilities and quarantines machines using logical network segmentation. This maximizes the usefulness of the machine in question while preventing attacks. Furthermore given the unique ability to quarantine machines without any specialized host software, the proposed system can defend against internal malware threats in a mobile network. Positive results have been achieved utilizing a proof-of-concept model and standard networking tools.","PeriodicalId":247477,"journal":{"name":"Third IEEE International Workshop on Information Assurance (IWIA'05)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2005-03-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"15","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Third IEEE International Workshop on Information Assurance (IWIA'05)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IWIA.2005.11","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 15

Abstract

Malware defenses have primarily relied upon intrusion fingerprints to detect suspicious network behavior. While effective for discovering computers that are already compromised, these systems are not designed to stop the spread or damage of malware. Standard gateway firewalls can prevent outside-based attacks; however, they are ineffective in a mobile network where threats originate from inside and administrators have limited control over client machines. This paper introduces a new strategy for malware defense using security authentication which focuses on vulnerabilities rather than exploits. The proposed system uses a remote security scanner to check for vulnerabilities and quarantines machines using logical network segmentation. This maximizes the usefulness of the machine in question while preventing attacks. Furthermore given the unique ability to quarantine machines without any specialized host software, the proposed system can defend against internal malware threats in a mobile network. Positive results have been achieved utilizing a proof-of-concept model and standard networking tools.

查看原文本刊更多论文

基于网络安全认证的恶意软件防御

恶意软件防御主要依靠入侵指纹来检测可疑的网络行为。虽然这些系统可以有效地发现已经被入侵的计算机，但它们的设计并不是为了阻止恶意软件的传播或破坏。标准网关防火墙可以防止来自外部的攻击;但是，它们在移动网络中是无效的，因为移动网络中的威胁来自内部，而且管理员对客户机的控制有限。本文介绍了一种基于安全认证的恶意软件防御策略，该策略侧重于漏洞而不是攻击。该系统使用远程安全扫描程序检查漏洞，并使用逻辑网络分段隔离计算机。这最大限度地提高了机器的有用性，同时防止了攻击。此外，由于该系统具有隔离机器的独特能力，无需任何专门的主机软件，因此可以抵御移动网络中的内部恶意软件威胁。利用概念验证模型和标准网络工具取得了积极的结果。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Third IEEE International Workshop on Information Assurance (IWIA'05)

自引率

0.00%

发文量