USENIX Conference Policies
Implementing and Testing a Virus Throttle
In this paper we build on previous theoretical work and describe the implementation and testing of a virus throttle - a program, based on a new approach, that is able to substantially reduce the spread of and hence damage caused by mobile code such as worms and viruses. Our approach is different from current, signature-based anti-virus paradigms in that it identifies potential viruses based on their network behaviour and, instead of preventing such programs from entering a system, seeks to prevent them from leaving. The results presented here show that such an approach is effective in stopping the spread of a real worm, W32/Nimda-D, in under a second, as well as several different configurations of a test worm.
BibTeX
@inproceedings {270144,
author = {Jamie Twycross and Matthew M. Williamson},
title = {Implementing and Testing a Virus Throttle},
booktitle = {12th USENIX Security Symposium (USENIX Security 03)},
year = {2003},
address = {Washington, D.C.},
url = {https://www.usenix.org/conference/12th-usenix-security-symposium/implementing-and-testing-virus-throttle},
publisher = {USENIX Association},
month = aug
}
author = {Jamie Twycross and Matthew M. Williamson},
title = {Implementing and Testing a Virus Throttle},
booktitle = {12th USENIX Security Symposium (USENIX Security 03)},
year = {2003},
address = {Washington, D.C.},
url = {https://www.usenix.org/conference/12th-usenix-security-symposium/implementing-and-testing-virus-throttle},
publisher = {USENIX Association},
month = aug
}