Title: Security and Performance Aspects of an Agent-Based Link-Layer Vulnerability Discovery Mechanism
Authors: Ziyad S. Al-Salloum, S. Wolthusen
DOI: 10.1109/ARES.2010.24 (https://doi.org/10.1109/ARES.2010.24)
Published in: 2010 International Conference on Availability, Reliability and Security
Publication date: 2010-03-25
Citations: 3
Abstract
The identification of vulnerable hosts and subsequent deployment of mitigation mechanisms such as service disabling or installation of patches is both time-critical and error-prone. This is in part owing to the fact that malicious worms can rapidly scan networks for vulnerable hosts, but is further exacerbated by the fact that network topologies are becoming more fluid and vulnerable hosts may only be visible intermittently in environments such as virtual machines or wireless edge networks. In this paper we therefore describe and evaluate an agent-based mechanism which uses the spanning tree protocol (STP) to gain knowledge of the underlying network topology, allowing both rapid and resource-efficient traversal of the network by agents as well as residual scanning and mitigation techniques on edge nodes. We report performance results, comparing the mechanism against a random scanning worm and demonstrating that network immunity can be largely achieved despite a very limited warning interval. We also discuss mechanisms to protect the agent mechanism against subversion, noting that similar approaches are also increasingly deployed in the case of malicious code.