PLAW: Packet Length based anti-worm system

 

Jeongkyu Lee: Digital Vaccine and Internet Immune System Lab. Graduate School of Information and Communication, Ajou University, Suwon 443-749, Republic of Korea. (TEL) +82-31-219-1812 (FAX) +82-31-219-1811 (E-Mail) jklee79@ajou.ac.kr (URL) http://iislab.ajou.ac.kr

Manpyo Hong: Digital Vaccine and Internet Immune System Lab. Graduate School of Information and Communication, Ajou University, Suwon 443-749, Republic of Korea. (TEL) +82-31-219-2438 (FAX) +82-31-219-1614 (E-Mail) mphong@ajou.ac.kr (URL) http://iislab.ajou.ac.kr

Wonil Kim: Sejong University, Seoul 143-747, Republic of Korea. (TEL) +82-2-3408-3795 ¡¡¡¡(E-Mail) wikim@sejong.ac.kr (URL) http://dasan.sejong.ac.kr/~wikim

 

Abstract

 

Active worm can cause network congestion in a very short time by exploiting today¡¯s high speed connection. In this paper, we propose the Packet Length based Anti-Worm system (PLAW) that detects the early propagation of unknown worm. This idea is based on the fact that the number of packets with the same length increases as worms spread. The PLAW is deployed at the router and compares the worm traffic with the normal traffic using the count information. The count information is the number of packet that has the same length within ¥Ät in a given network. The length is the total length field in IP Header. Our approach prevents the active worm from spreading itself without dependency of protocols in network layer.

 

Short Biography

 

Joengkyu Lee: Jeongkyu Lee is a Ph D. Student in the Graduate School of Information and Communication at Ajou University. His current research interests are Immune Network, Intrusion Tolerance System and privacy in Ubiquitous environment.

 

Before he joined the Ph D. student of Ajou University in 2004, He received a MS degree from the Graduate School of Information and Communication, Ajou University, in 2002.