Implementing and testing a virus throttle
Twycross, Jamie; Williamson, Matthew
HPL-2003-103
Abstract: In this paper we build on previous theoretical work and describe the implementation and testing of a virus throttle - a program, based on a new approach, that is able to substantially reduce the spread of and hence damage caused by mobile code such as worms and viruses. Our approach is different from current, signature-based anti-virus paradigms in that it identifies potential viruses based on their network behaviour and, instead of preventing such programs from entering a system, seeks to prevent them from leaving. The results presented here show that such an approach is effective in stopping the spread of a real worm, W32/Nimda-D, in under a second, as well as several different configurations of a testworm.
10 Pages