Vigilante

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Vigilante: End-to-end containment of Internet worm epidemics

Full text

Pdf (1.99 MB)

Source

ACM Transactions on Computer Systems (TOCS) archive
Volume 26 , Issue 4 (December 2008) table of contents

Article No. 9

Year of Publication: 2008

ISSN:0734-2071

Authors

Manuel Costa	University of Cambridge and Microsoft Research, Cambridge, UK
Jon Crowcroft	University of Cambridge, Cambridge, UK
Miguel Castro	Microsoft Research, Cambridge, UK
Antony Rowstron	Microsoft Research, Cambridge, UK
Lidong Zhou	Microsoft Research, Cambridge, UK
Lintao Zhang	Microsoft Research, Cambridge, UK
Paul Barham	Microsoft Research, Cambridge, UK

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 31, Downloads (12 Months): 402, Citation Count: 0

Additional Information:

abstract references index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1455258.1455259 What is a DOI?

ABSTRACT

Worm containment must be automatic because worms can spread too fast for humans to respond. Recent work proposed network-level techniques to automate worm containment; these techniques have limitations because there is no information about the vulnerabilities exploited by worms at the network level. We propose Vigilante, a new end-to-end architecture to contain worms automatically that addresses these limitations.

In Vigilante, hosts detect worms by instrumenting vulnerable programs to analyze infection attempts. We introduce dynamic data-flow analysis: a broad-coverage host-based algorithm that can detect unknown worms by tracking the flow of data from network messages and disallowing unsafe uses of this data. We also show how to integrate other host-based detection mechanisms into the Vigilante architecture. Upon detection, hosts generate self-certifying alerts (SCAs), a new type of security alert that can be inexpensively verified by any vulnerable host. Using SCAs, hosts can cooperate to contain an outbreak, without having to trust each other. Vigilante broadcasts SCAs over an overlay network that propagates alerts rapidly and resiliently. Hosts receiving an SCA protect themselves by generating filters with vulnerability condition slicing: an algorithm that performs dynamic analysis of the vulnerable program to identify control-flow conditions that lead to successful attacks. These filters block the worm attack and all its polymorphic mutations that follow the execution path identified by the SCA.

Our results show that Vigilante can contain fast-spreading worms that exploit unknown vulnerabilities, and that Vigilante's filters introduce a negligible performance overhead. Vigilante does not require any changes to hardware, compilers, operating systems, or the source code of vulnerable programs; therefore, it can be used to protect current software binaries.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Martín Abadi , Mihai Budiu , Úlfar Erlingsson , Jay Ligatti, Control-flow integrity, Proceedings of the 12th ACM conference on Computer and communications security, November 07-11, 2005, Alexandria, VA, USA [doi>10.1145/1102120.1102165]
	2	Akamai. 2000. Press release: Akamai helps mcafee.com support flash crowds from iloveyou virus.
	3	Periklis Akritidis , Cristian Cadar , Costin Raiciu , Manuel Costa , Miguel Castro, Preventing Memory Error Exploits with WIT, Proceedings of the 2008 IEEE Symposium on Security and Privacy (sp 2008), p.263-277, May 18-21, 2008 [doi>10.1109/SP.2008.30]
	4	Dzintars Avots , Michael Dalton , V. Benjamin Livshits , Monica S. Lam, Improving software security with a C pointer analysis, Proceedings of the 27th international conference on Software engineering, May 15-21, 2005, St. Louis, MO, USA [doi>10.1145/1062455.1062520]
	5	Michael Bailey , Evan Cooke , Farnam Jahanian , David Watson , Jose Nazario, The Blaster Worm: Then and Now, IEEE Security and Privacy, v.3 n.4, p.26-31, July 2005 [doi>10.1109/MSP.2005.106]
	6	Arash Baratloo , Navjot Singh , Timothy Tsai, Transparent run-time defense against stack smashing attacks, Proceedings of the annual conference on USENIX Annual Technical Conference, p.21-21, June 18-23, 2000, San Diego, California
	7	Paul Barham , Boris Dragovic , Keir Fraser , Steven Hand , Tim Harris , Alex Ho , Rolf Neugebauer , Ian Pratt , Andrew Warfield, Xen and the art of virtualization, Proceedings of the nineteenth ACM symposium on Operating systems principles, October 19-22, 2003, Bolton Landing, NY, USA
	8	Elena Gabriela Barrantes , David H. Ackley , Trek S. Palmer , Darko Stefanovic , Dino Dai Zovi, Randomized instruction set emulation to disrupt binary code injection attacks, Proceedings of the 10th ACM conference on Computer and communications security, October 27-30, 2003, Washington D.C., USA [doi>10.1145/948109.948147]
	9	John Bethencourt , Jason Franklin , Mary Vernon, Mapping internet sensors with probe response attacks, Proceedings of the 14th conference on USENIX Security Symposium, p.13-13, July 31-August 05, 2005, Baltimore, MD
	10	Sanjay Bhansali , Wen-Ke Chen , Stuart de Jong , Andrew Edwards , Ron Murray , Milenko Drinić , Darek Mihočka , Joe Chau, Framework for instruction-level tracing and analysis of program executions, Proceedings of the 2nd international conference on Virtual execution environments, June 14-16, 2006, Ottawa, Ontario, Canada [doi>10.1145/1134760.1220164]
	11	Sandeep Bhatkar , Daniel C. DuVarney , R. Sekar, Address obfuscation: an efficient approach to combat a board range of memory error exploits, Proceedings of the 12th conference on USENIX Security Symposium, p.8-8, August 04-08, 2003, Washington, DC
	12	Sandeep Bhatkar , R. Sekar , Daniel C. DuVarney, Efficient techniques for comprehensive protection from memory error exploits, Proceedings of the 14th conference on USENIX Security Symposium, p.17-17, July 31-August 05, 2005, Baltimore, MD
	13	Biba, K. J. 1977. Integrity considerations for secure computer systems. Tech. Rep. TR-3153, MITRE. April.
	14	blexim. 2002. Basic integer overflows. Phrack 60.
	15	Bochs. 2006. Bochs ia-32 emulator. http://bochs.sourceforge.net.
	16	Robert S. Boyer , Bernard Elspas , Karl N. Levitt, SELECT—a formal system for testing and debugging programs by symbolic execution, Proceedings of the international conference on Reliable software, p.234-245, April 21-23, 1975, Los Angeles, California
	17	Bruening, D., Duesterwald, E., and Amarasinghe, S. 2001. Design and implementation of a dynamic optimization framework for Windows. In Proceedings of the 4th ACM Workshop on Feedback-Directed and Dynamic Optimization.
	18	David Brumley , James Newsome , Dawn Song , Hao Wang , Somesh Jha, Towards Automatic Generation of Vulnerability-Based Signatures, Proceedings of the 2006 IEEE Symposium on Security and Privacy, p.2-16, May 21-24, 2006 [doi>10.1109/SP.2006.41]
	19	Bulba and Kil3r. 2000. Bypassing stackguard and stackshield. Phrack 10, 46 (May).
	20	William R. Bush , Jonathan D. Pincus , David J. Sielaff, A static analyzer for finding dynamic programming errors, Software—Practice & Experience, v.30 n.7, p.775-802, June 2000 [doi>10.1002/(SICI)1097-024X(200006)30:7<775::AID-SPE309>3.0.CO;2-H]
	21	Cardelli, L. 2004. Type systems. In The Computer Science and Engineering Handbook. CRC Press.
	22	Miguel Castro , Manuel Costa , Tim Harris, Securing software by enforcing data-flow integrity, Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation, p.11-11, November 06-08, 2006, Seattle, WA
	23	Miguel Castro , Manuel Costa , Antony Rowstron, Performance and Dependability of Structured Peer-to-Peer Overlays, Proceedings of the 2004 International Conference on Dependable Systems and Networks, p.9, June 28-July 01, 2004
	24	Miguel Castro , Peter Druschel , Ayalvadi Ganesh , Antony Rowstron , Dan S. Wallach, Secure routing for structured peer-to-peer overlay networks, Proceedings of the 5th symposium on Operating systems design and implementation Due to copyright restrictions we are not able to make the PDFs for this conference available for downloading , December 09-11, 2002, Boston, Massachusetts [doi>10.1145/1060289.1060317]
	25	CERT. 2001. Cert advisory ca-2001-26 nimda worm. http://www.cert.org/advisories/ca-2001-26.html.
	26	CERT. 2005. Technical cyber security alerts. http://www.us-cert.gov.
	27	Jun Xu , Nithin Nakka, Defeating Memory Corruption Attacks via Pointer Taintedness Detection, Proceedings of the 2005 International Conference on Dependable Systems and Networks, p.378-387, June 28-July 01, 2005 [doi>10.1109/DSN.2005.36]
	28	Shuo Chen , Jun Xu , Emre C. Sezer , Prachi Gauriar , Ravishankar K. Iyer, Non-control-data attacks are realistic threats, Proceedings of the 14th conference on USENIX Security Symposium, p.12-12, July 31-August 05, 2005, Baltimore, MD
	29	Chen, Z., Gao, L., and Kwiat, K. 2003. Modelling the spread of active worms. In Proceedings of the 22th IEEE Conference on Computer Communications.
	30	William R. Cheswick , Steven M. Bellovin , Aviel D. Rubin, Firewalls and Internet Security: Repelling the Wily Hacker, Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 2003
	31	Chinchani, R. and van den Berg, E. 2005. A fast static analysis approach to detect exploit code inside network flows. In Proceedings of the 8th International Symposium on Recent Advances in Intrusion Detection.
	32	RAD: A Compile-Time Solution to Buffer Overflow Attacks, Proceedings of the The 21st International Conference on Distributed Computing Systems, p.409, April 16-19, 2001
	33	Jim Chow , Ben Pfaff , Tal Garfinkel , Kevin Christopher , Mendel Rosenblum, Understanding data lifetime via whole system simulation, Proceedings of the 13th conference on USENIX Security Symposium, p.22-22, August 09-13, 2004, San Diego, CA
	34	F. Cohen, Computer viruses: theory and experiments, Computers and Security, v.6 n.1, p.22-35, Feb. 1987 [doi>10.1016/0167-4048(87)90122-2]
	35	Thomas T. Cormen , Charles E. Leiserson , Ronald L. Rivest, Introduction to algorithms, MIT Press, Cambridge, MA, 1990
	36	Manuel Costa , Miguel Castro , Lidong Zhou , Lintao Zhang , Marcus Peinado, Bouncer: securing software by blocking bad input, Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles, October 14-17, 2007, Stevenson, Washington, USA
	37	Costa, M., Crowcroft, J., Castro, M., and Rowstron, A. 2004. Can we contain Internet worms? In Proceedings of the 3rd Workshop on Hot Topics in Networks.
	38	Manuel Costa , Jon Crowcroft , Miguel Castro , Antony Rowstron , Lidong Zhou , Lintao Zhang , Paul Barham, Vigilante: end-to-end containment of internet worms, Proceedings of the twentieth ACM symposium on Operating systems principles, October 23-26, 2005, Brighton, United Kingdom
	39	Crispin Cowan , Matt Barringer , Steve Beattie , Greg Kroah-Hartman , Mike Frantzen , Jamie Lokier, FormatGuard: automatic protection from printf format string vulnerabilities, Proceedings of the 10th conference on USENIX Security Symposium, p.15-15, August 13-17, 2001, Washington, D.C.
	40	Crispin Cowan , Steve Beattie , John Johansen , Perry Wagle, Pointguard^TM: protecting pointers from buffer overflow vulnerabilities, Proceedings of the 12th conference on USENIX Security Symposium, p.7-7, August 04-08, 2003, Washington, DC
	41	Crispin Cowan , Calton Pu , Dave Maier , Heather Hintony , Jonathan Walpole , Peat Bakke , Steve Beattie , Aaron Grier , Perry Wagle , Qian Zhang, StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks, Proceedings of the 7th conference on USENIX Security Symposium, p.5-5, January 26-29, 1998, San Antonio, Texas
	42	Jedidiah R. Crandall , Frederic T. Chong, Minos: Control Data Attack Prevention Orthogonal to Memory Model, Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture, p.221-232, December 04-08, 2004, Portland, Oregon [doi>10.1109/MICRO.2004.26]
	43	Jedidiah R. Crandall , Zhendong Su , S. Felix Wu , Frederic T. Chong, On deriving unknown vulnerabilities from zero-day polymorphic and metamorphic worm exploits, Proceedings of the 12th ACM conference on Computer and communications security, November 07-11, 2005, Alexandria, VA, USA [doi>10.1145/1102120.1102152]
	44	Dark Spyrit. 1999. Win32 buffer overflows. Phrack 9, 55.
	45	Dorothy E. Denning, A lattice model of secure information flow, Communications of the ACM, v.19 n.5, p.236-243, May 1976 [doi>10.1145/360051.360056]
	46	Edsger W. Dijkstra, Guarded commands, nondeterminacy and formal derivation of programs, Communications of the ACM, v.18 n.8, p.453-457, Aug. 1975 [doi>10.1145/360933.360975]
	47	John R. Douceur, The Sybil Attack, Revised Papers from the First International Workshop on Peer-to-Peer Systems, p.251-260, March 07-08, 2002
	48	George W. Dunlap , Samuel T. King , Sukru Cinar , Murtaza A. Basrai , Peter M. Chen, ReVirt: enabling intrusion analysis through virtual-machine logging and replay, Proceedings of the 5th symposium on Operating systems design and implementation Due to copyright restrictions we are not able to make the PDFs for this conference available for downloading , December 09-11, 2002, Boston, Massachusetts [doi>10.1145/1060289.1060309]
	49	Durden, T. 2002. Bypassing pax aslr protection. Phrack 59 (Jul.).
	50	Eichin, M. W. and Rochlis, J. A. 1989. With microscope and tweezers: An analysis of the Internet virus of November 1988. In Proceedings of the IEEE Symposium on Security and Privacy.
	51	E. N. (Mootaz) Elnozahy , Lorenzo Alvisi , Yi-Min Wang , David B. Johnson, A survey of rollback-recovery protocols in message-passing systems, ACM Computing Surveys (CSUR), v.34 n.3, p.375-408, September 2002 [doi>10.1145/568522.568525]
	52	Dawson Engler , David Yu Chen , Seth Hallem , Andy Chou , Benjamin Chelf, Bugs as deviant behavior: a general approach to inferring errors in systems code, Proceedings of the eighteenth ACM symposium on Operating systems principles, October 21-24, 2001, Banff, Alberta, Canada
	53	David Evans , David Larochelle, Improving Security Using Extensible Lightweight Static Analysis, IEEE Software, v.19 n.1, p.42-51, January 2002 [doi>10.1109/52.976940]
	54	Henry Hanping Feng , Oleg M. Kolesnikov , Prahlad Fogla , Wenke Lee , Weibo Gong, Anomaly Detection Using Call Stack Information, Proceedings of the 2003 IEEE Symposium on Security and Privacy, p.62, May 11-14, 2003
	55	Fenton, J. 1973. Information protection systems. Ph.D. thesis, University of Cambridge.
	56	Fenton, J. 1974a. An abstract computer model demonstrating directional information flow. University of Cambridge, Cambridge, UK.
	57	Fenton, J. S. 1974b. Memoryless subsystems. Comput. J. 17, 2, 143--147.
	58	Prahlad Fogla , Monirul Sharif , Roberto Perdisci , Oleg Kolesnikov , Wenke Lee, Polymorphic blending attacks, Proceedings of the 15th conference on USENIX Security Symposium, July 31-August 04, 2006, Vancouver, B.C., Canada
	59	Forescout. 2006. Wormscout. http://www.forescout.com/wormscout.html.
	60	Stephanie Forrest , Steven A. Hofmeyr , Anil Somayaji , Thomas A. Longstaff, A Sense of Self for Unix Processes, Proceedings of the 1996 IEEE Symposium on Security and Privacy, p.120, May 06-08, 1996
	61	S. Forrest , A. Somayaji , D. Ackley, Building Diverse Computer Systems, Proceedings of the 6th Workshop on Hot Topics in Operating Systems (HotOS-VI), p.67, May 05-06, 1997
	62	Fraser, K. and Chang, F. 2003. Operating System I/O Speculation: How two invocations are faster than one. In Proceedings of the USENIX Annual Technical Conference.
	63	Ganesh, A., Gunawardena, D., Key, P., Massoulie, L., and Scott, J. 2006. Efficient quarantining of scanning worms: Optimal detection and coordination. In Proceedings of the 25th IEEE Conference on Computer Communications.
	64	Ganger, G., Economu, G., and Bielski, S. 2002. Self-Securing network interfaces: What, why and how. Tech. Rep. CS-02-144, Carnegie Mellon University. May.
	65	Georgatos, F., Gruber, F., Karrenberg, D., Santcroos, M., Uijterwaal, H., and Wilhelm, R. 2001. Providing Active Measurements as a Regular Service for ISPs. http://www.ripe.net/ttm.
	66	gera and riq. 2002. Advances in format string exploitation. Phrack 59 (Jul.).
	67	Giffin, J., Jha, S., and Miller, B. P. 2004. Efficient context-sensitive intrusion detection. In Proceedings of the 11th Annual Network and Distributed System Security Symposium.
	68	Goldenberg, J., Shavitt, Y., Shir, E., and Solomon, S. 2005. Distributive immunization of networks against viruses using the ‘honey pot’ architecture. Nature Phys. 1, 184--188.
	69	Heberlein, L. T., Dias, G., K, L., Wood, B. M. J., and Wolber, D. 1990. A network security monitor. In Proceedings of the IEEE Symposium on Security and Privacy.
	70	Herbert W. Hethcote, The Mathematics of Infectious Diseases, SIAM Review, v.42 n.4, p.599-653, Dec. 2000 [doi>10.1137/S0036144500371907]
	71	Alex Ho , Michael Fetterman , Christopher Clark , Andrew Warfield , Steven Hand, Practical taint-based protection using demand emulation, Proceedings of the 1st ACM SIGOPS/EuroSys European Conference on Computer Systems 2006, April 18-21, 2006, Leuven, Belgium
	72	Steven A. Hofmeyr , Stephanie A. Forrest, Architecture for an Artificial Immune System, Evolutionary Computation, v.8 n.4, p.443-473, December 2000 [doi>10.1162/106365600568257]
	73	Holz, T. and Raynal, F. 2005. Detecting honeypots and other suspicious environments. In Workshop on Information Assurance and Security.
	74	Fu-Hau Hsu , Tzi-cker Chiueh, CTCP: A Transparent Centralized TCP/IP Architecture for Network Security, Proceedings of the 20th Annual Computer Security Applications Conference, p.335-344, December 06-10, 2004 [doi>10.1109/CSAC.2004.14]
	75	Hua, W., Ohlund, J., and Butterklee, B. 1999. Unraveling the mysteries of writing a winsock 2 layered service provider. Microsoft Syst. J.
	76	Galen Hunt , Doug Brubacher, Detours: binary interception of Win32 functions, Proceedings of the 3rd conference on USENIX Windows NT Symposium, p.14-14, July 12-15, 1999, Seattle, Washington
	77	Intel. 1999. Intel architecture software developer's manual, vol. 2: Instruction set reference.
	78	Trevor Jim , J. Greg Morrisett , Dan Grossman , Michael W. Hicks , James Cheney , Yanling Wang, Cyclone: A Safe Dialect of C, Proceedings of the General Track of the annual conference on USENIX Annual Technical Conference, p.275-288, June 10-15, 2002
	79	Rob Johnson , David Wagner, Finding user/kernel pointer bugs with type inference, Proceedings of the 13th conference on USENIX Security Symposium, p.9-9, August 09-13, 2004, San Diego, CA
	80	Johnson, S. C. 1984. Lint, a C program checker. In Unix Programmer's Manual, 4.2. Berkeley Software Distribution Supplementary Documents.
	81	Jones, R. and Kelly, P. 1997. Backwards-Compatible bounds checking for arrays and pointers in C programs. In Proceedings of the International Workshop on Automatic Debugging.
	82	Ashlesha Joshi , Samuel T. King , George W. Dunlap , Peter M. Chen, Detecting past and present intrusions through vulnerability-specific predicates, Proceedings of the twentieth ACM symposium on Operating systems principles, October 23-26, 2005, Brighton, United Kingdom
	83	jp. 2003. Advanced doug lea's malloc exploits. Phrack 61 (Sept.).
	84	Jaeyeon Jung , Hari Balakrishnan, Real-time detection of malicious network activity using stochastic models, Massachusetts Institute of Technology, Cambridge, MA, 2006
	85	Jung, J., Paxson, V., Berger, A. W., and Balakrishnan, H. 2004. Fast portscan detection using sequential hypothesis testing. In Proceedings of the IEEE Symposium on Security and Privacy.
	86	Gaurav S. Kc , Angelos D. Keromytis , Vassilis Prevelakis, Countering code-injection attacks with instruction-set randomization, Proceedings of the 10th ACM conference on Computer and communications security, October 27-30, 2003, Washington D.C., USA [doi>10.1145/948109.948146]
	87	Kephart, J. O. and Arnold, W. C. 1994. Automatic extraction of computer virus signatures. In International Virus Bulletin Conference.
	88	Kephart, J. O., Sorkin, G. B., Swimmer, M., and White, S. R. 1997. Blueprint for a computer immune system. In International Virus Bulletin Conference.
	89	Kephart, J. O. and White, S. R. 1991. Directed-Graph epidemiological models of computer viruses. In Proceedings of the IEEE Symposium on Security and Privacy.
	90	Hyang-Ah Kim , Brad Karp, Autograph: toward automated, distributed worm signature detection, Proceedings of the 13th conference on USENIX Security Symposium, p.19-19, August 09-13, 2004, San Diego, CA
	91	James C. King, Symbolic execution and program testing, Communications of the ACM, v.19 n.7, p.385-394, July 1976 [doi>10.1145/360248.360252]
	92	Vladimir Kiriansky , Derek Bruening , Saman P. Amarasinghe, Secure Execution via Program Shepherding, Proceedings of the 11th USENIX Security Symposium, p.191-206, August 05-09, 2002
	93	Kreibich, C. and Crowcroft, J. 2003. Honeycomb Creating intrusion detection signatures using honeypots. In Proceedings of the 2nd Workshop on Hot Topics in Networks.
	94	Kruegel, C., Kirda, E., Mutz, D., Robertson, W., and Vigna, G. 2005. Polymorphic worm detection using structural information of executables. In Proceedings of the 8th International Symposium on Recent Advances in Intrusion Detection.
	95	Christopher Kruegel , Engin Kirda , Darren Mutz , William Robertson , Giovanni Vigna, Automating mimicry attacks using static binary analysis, Proceedings of the 14th conference on USENIX Security Symposium, p.11-11, July 31-August 05, 2005, Baltimore, MD
	96	David Larochelle , David Evans, Statically detecting likely buffer overflow vulnerabilities, Proceedings of the 10th conference on USENIX Security Symposium, p.14-14, August 13-17, 2001, Washington, D.C.
	97	Zhenkai Liang , R. Sekar, Automatic Generation of Buffer Overflow Attack Signatures: An Approach Based on Program Behavior Models, Proceedings of the 21st Annual Computer Security Applications Conference, p.215-224, December 05-09, 2005 [doi>10.1109/CSAC.2005.12]
	98	Zhenkai Liang , R. Sekar, Fast and automated generation of attack signatures: a basis for building self-protecting servers, Proceedings of the 12th ACM conference on Computer and communications security, November 07-11, 2005, Alexandria, VA, USA [doi>10.1145/1102120.1102150]
	99	V. Benjamin Livshits , Monica S. Lam, Finding security vulnerabilities in java applications with static analysis, Proceedings of the 14th conference on USENIX Security Symposium, p.18-18, July 31-August 05, 2005, Baltimore, MD
	100	Locasto, M., Sidiroglou, S., and Keromytis, A. 2006. Software self-healling using collaborative application communities. In Proceedings of the 13th Annual Network and Distributed System Security Symposium.
	101	Madhavapeddy, A. 2006. Creating high-performance statically type-safe network applications. Ph.D. thesis, University of Cambridge.
	102	Mirage. 2006. Mirage networks. http://www.miragenetworks.com.
	103	P. V. Mockapetris, Domain names - concepts and facilities, RFC Editor, 1987
	104	David Moore , Vern Paxson , Stefan Savage , Colleen Shannon , Stuart Staniford , Nicholas Weaver, Inside the Slammer Worm, IEEE Security and Privacy, v.1 n.4, p.33-39, July 2003 [doi>10.1109/MSECP.2003.1219056]
	105	David Moore , Colleen Shannon , k claffy, Code-Red: a case study on the spread and victims of an internet worm, Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment, November 06-08, 2002, Marseille, France [doi>10.1145/637201.637244]
	106	Moore, D., Shannon, C., Voelker, G., and Savage, S. 2003. Internet quarantine: Requirements for containing self-propagating code. In Proceedings of the 22th IEEE Conference on Computer Communications.
	107	Moore, D., Shannon, C., Voelker, G. M., and Savage, S. 2004. Network telescopes: Tech. Rep. CS2004-0795, University of California at San Diego. July.
	108	David Moore , Geoffrey M. Voelker , Stefan Savage, Inferring internet denial-of-service activity, Proceedings of the 10th conference on USENIX Security Symposium, p.2-2, August 13-17, 2001, Washington, D.C.
	109	Andrew C. Myers, JFlow: practical mostly-static information flow control, Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, p.228-241, January 20-22, 1999, San Antonio, Texas, United States [doi>10.1145/292540.292561]
	110	George C. Necula , Peter Lee, Safe kernel extensions without run-time checking, Proceedings of the second USENIX symposium on Operating systems design and implementation, p.229-243, October 29-November 01, 1996, Seattle, Washington, United States
	111	George C. Necula , Scott McPeak , Westley Weimer, CCured: type-safe retrofitting of legacy code, Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, p.128-139, January 16-18, 2002, Portland, Oregon
	112	nergal. 2001. The advanced return-into-lib(c) exploits: Pax case study. Phrack 58.
	113	Nethercote, N. and Seward, J. 2003. Valgrind: A program supervision framework. In Proceedings of the 3rd Workshop on Runtime Verification (RV).
	114	James Newsome , Brad Karp , Dawn Song, Polygraph: Automatically Generating Signatures for Polymorphic Worms, Proceedings of the 2005 IEEE Symposium on Security and Privacy, p.226-241, May 08-11, 2005 [doi>10.1109/SP.2005.15]
	115	Newsome, J. and Song, D. 2005. Dynamic taint analysis for automatic detection, analysis and signature generation of exploits on commodity software. In Proceedings of the 12th Annual Network and Distributed System Security Symposium.
	116	One, A. 1996. Smashing the stack for fun and profit. Phrack 7, 49 (Nov.).
	117	Pasupulati, A., Coit, J., Levitt, K., Wu, S. F., Li, S. H., Kuo, J. C., and Fan, K. P. 2004. Buttercup: On network-based detection of polymorphic buffer overflow vulnerabilities. In Proceedings of the IEEE IFIP Network Operations and Management Symposium (NOMS).
	118	PAX. 2001. PaX system. http://pax.grsecurity.net/.
	119	Vern Paxson, Bro: a system for detecting network intruders in real-time, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.31 n.23-24, p.2435-2463, Dec. 1999 [doi>10.1016/S1389-1286(99)00112-7]
	120	Roberto Perdisci , David Dagon , Wenke Lee , Prahlad Fogla , Monirul Sharif, MisleadingWorm Signature Generators Using Deliberate Noise Injection, Proceedings of the 2006 IEEE Symposium on Security and Privacy, p.17-31, May 21-24, 2006 [doi>10.1109/SP.2006.26]
	121	PERL. 2006. Perl security manual page. http://www.perldoc.com.
	122	Georgios Portokalidis , Asia Slowinska , Herbert Bos, Argos: an emulator for fingerprinting zero-day attacks for advertised honeypots with automatic signature generation, Proceedings of the 1st ACM SIGOPS/EuroSys European Conference on Computer Systems 2006, April 18-21, 2006, Leuven, Belgium
	123	Niels Provos, A virtual honeypot framework, Proceedings of the 13th conference on USENIX Security Symposium, p.1-1, August 09-13, 2004, San Diego, CA
	124	Ptacek, T. H. and Newsham, T. N. 1998. Insertion, evasion, and denial of service: Eluding network intrusion detection. Tech. Rep., Secure Networks, Inc. January.
	125	QEMU. 2006. Qemu open source processor emulator. http://fabrice.bellard.free.fr/qemu/.
	126	Feng Qin , Joseph Tucek , Jagadeesan Sundaresan , Yuanyuan Zhou, Rx: treating bugs as allergies---a safe method to survive software failures, Proceedings of the twentieth ACM symposium on Operating systems principles, October 23-26, 2005, Brighton, United Kingdom
	127	Costin Raiciu , Mark Handley , David S. Rosenblum, Exploit hijacking: side effects of smart defenses, Proceedings of the 2006 SIGCOMM workshop on Large-scale attack defense, p.123-130, September 11-15, 2006, Pisa, Italy [doi>10.1145/1162666.1162670]
	128	Martin Rinard , Cristian Cadar , Daniel Dumitran , Daniel M. Roy , Tudor Leu , William S. Beebee, Jr., Enhancing server availability and security through failure-oblivious computing, Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation, p.21-21, December 06-08, 2004, San Francisco, CA
	129	rix@hert.org. 2001. Writing ia32 alphanumeric shellcodes. Phrack 11, 57 (Aug.).
	130	Martin Roesch, Snort - Lightweight Intrusion Detection for Networks, Proceedings of the 13th USENIX conference on System administration, November 07-12, 1999, Seattle, Washington
	131	Ruwase, O. and Lam, M. 2004. A practical dynamic buffer overflow detector. In Proceedings of the 11th Annual Network and Distributed System Security Symposium.
	132	Schechter, S., Jung, J., and Berger, A. 2004. Fast detection of scanning worm infections. In Proceedings of the 7th International Symposium on Recent Advances in Intrusion Detection.
	133	SecurityFocus. 2002. Microsoft jvm class loader buffer overrun vulnerability. http://www.securityfocus.com/bid/6134.
	134	R. Sekar , M. Bendre , D. Dhurjati , P. Bollineni, A Fast Automaton-Based Method for Detecting Anomalous Program Behaviors, Proceedings of the 2001 IEEE Symposium on Security and Privacy, p.144, May 14-16, 2001
	135	Hovav Shacham , Matthew Page , Ben Pfaff , Eu-Jin Goh , Nagendra Modadugu , Dan Boneh, On the effectiveness of address-space randomization, Proceedings of the 11th ACM conference on Computer and communications security, October 25-29, 2004, Washington DC, USA [doi>10.1145/1030083.1030124]
	136	Umesh Shankar , Kunal Talwar , Jeffrey S. Foster , David Wagner, Detecting format string vulnerabilities with type qaualifiers, Proceedings of the 10th conference on USENIX Security Symposium, p.16-16, August 13-17, 2001, Washington, D.C.
	137	Colleen Shannon , David Moore, The Spread of the Witty Worm, IEEE Security and Privacy, v.2 n.4, p.46-50, July 2004 [doi>10.1109/MSP.2004.59]
	138	Yoichi Shinoda , Ko Ikai , Motomu Itoh, Vulnerabilities of passive internet threat monitors, Proceedings of the 14th conference on USENIX Security Symposium, p.14-14, July 31-August 05, 2005, Baltimore, MD
	139	John F. Shoch , Jon A. Hupp, The “worm” programs—early experience with a distributed computation, Communications of the ACM, v.25 n.3, p.172-180, March 1982 [doi>10.1145/358453.358455]
	140	Stelios Sidiroglou , Michael E. Locasto , Stephen W. Boyd , Angelos D. Keromytis, Building a reactive immune system for software services, Proceedings of the annual conference on USENIX Annual Technical Conference, p.11-11, April 10-15, 2005, Anaheim, CA
	141	Sumeet Singh , Cristian Estan , George Varghese , Stefan Savage, Automated worm fingerprinting, Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation, p.4-4, December 06-08, 2004, San Francisco, CA
	142	Smirnov, A. and Chiueh, T. 2005. DIRA: Automatic detection, identification, and repair of control-hijacking attacks. In Proceedings of the 12th Annual Network and Distributed System Security Symposium.
	143	Anil Somayaji , Stephanie Forrest, Automated response using system-call delays, Proceedings of the 9th conference on USENIX Security Symposium, p.14-14, August 14-17, 2000, Denver, Colorado
	144	Ana Nora Sovarel , David Evans , Nathanael Paul, Where's the FEEB? the effectiveness of instruction set randomization, Proceedings of the 14th conference on USENIX Security Symposium, p.10-10, July 31-August 05, 2005, Baltimore, MD
	145	E. H. Spafford, Crisis and aftermath, Communications of the ACM, v.32 n.6, p.678-687, June 1989 [doi>10.1145/63526.63527]
	146	SPEC. Specweb99 benchmark. http://www.spec.org/osg/web99.
	147	Staniford, S. 2004. Containment of scanning worms in enterprise networks. J. Comput. Secur.
	148	Stuart Staniford , James A. Hoagland , Joseph M. McAlerney, Practical automated detection of stealthy portscans, Journal of Computer Security, v.10 n.1-2, p.105-136, 2002
	149	Stuart Staniford , David Moore , Vern Paxson , Nicholas Weaver, The top speed of flash worms, Proceedings of the 2004 ACM workshop on Rapid malcode, October 29-29, 2004, Washington DC, USA [doi>10.1145/1029618.1029624]
	150	Stuart Staniford , Vern Paxson , Nicholas Weaver, How to Own the Internet in Your Spare Time, Proceedings of the 11th USENIX Security Symposium, p.149-167, August 05-09, 2002
	151	Staniford-Chen, S., Crawford, R., Dilger, M., Frank, J., Hoagland, J., Levitt, K., and Zerkle, D. 1996. GrIDS: A graph-based intrusion detection system for large networks. In Proceedings of the 19th National Information Systems Security Conference.
	152	G. Edward Suh , Jae W. Lee , David Zhang , Srinivas Devadas, Secure program execution via dynamic information flow tracking, Proceedings of the 11th international conference on Architectural support for programming languages and operating systems, October 07-13, 2004, Boston, MA, USA
	153	Szor, P. and Ferrie, P. 2001. Hunting for metamorphic. In the International Virus Bulletin Conference.
	154	Tang, Y. and Chen, S. 2005. Defending against Internet worms: A signature-based approach. In Proceedings of the 24th IEEE Conference on Computer Communications.
	155	Toth, T. and Kruegel, C. 2002a. Accurate buffer overflow detection via abstract payload execution. In Proceedings of the 5th International Symposium on Recent Advances in Intrusion Detection.
	156	Toth, T. and Kruegel, C. 2002b. Connection-History based anomaly detection. In the IEEE Information Assurance Workshop.
	157	TPC. 1999. TPC-C online transaction processing benchmark. http://www.tpc.org/tpcc/default.asp.
	158	Vendicator. 2001. Stack shield technical info. http://www.angelfire.com/sk/stackshield.
	159	Vojnović, M. and Ganesh, A. 2005. On the race of worms, alerts and patches. In Proceedings of the 3rd Workshop on Rapid Malcode.
	160	Michael Vrable , Justin Ma , Jay Chen , David Moore , Erik Vandekieft , Alex C. Snoeren , Geoffrey M. Voelker , Stefan Savage, Scalability, fidelity, and containment in the potemkin virtual honeyfarm, Proceedings of the twentieth ACM symposium on Operating systems principles, October 23-26, 2005, Brighton, United Kingdom
	161	Wagner, D., Foster, J. S., Brewer, E. A., and Aiken, A. 2000. A first step towards automated detection of buffer overrun vulnerabilities. In Proceedings of the 7th Annual Network and Distributed System Security Symposium.
	162	David Wagner , Paolo Soto, Mimicry attacks on host-based intrusion detection systems, Proceedings of the 9th ACM conference on Computer and communications security, November 18-22, 2002, Washington, DC, USA [doi>10.1145/586110.586145]
	163	Chenxi Wang , J. C. Knight , M. C. Elder, On computer viral infection and the effect of immunization, Proceedings of the 16th Annual Computer Security Applications Conference, p.246, December 11-15, 2000
	164	Helen J. Wang , Chuanxiong Guo , Daniel R. Simon , Alf Zugenmaier, Shield: vulnerability-driven network filters for preventing known vulnerability exploits, Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications, August 30-September 03, 2004, Portland, Oregon, USA
	165	Wang, K., Cretu, G., and Stolfo, S. J. 2005. Anomalous payload-based worm detection and signature generation. In Proceedings of the 8th International Symposium on Recent Advances in Intrusion Detection.
	166	Xinran Wang , Chi-Chun Pan , Peng Liu , Sencun Zhu, SigFree: a signature-free buffer overflow attack blocker, Proceedings of the 15th conference on USENIX Security Symposium, July 31-August 04, 2006, Vancouver, B.C., Canada
	167	N. Weaver , D. Ellis , S. Staniford , V. Paxson, Worms vs. perimeters: the case for hard-LANs, Proceedings of the High Performance Interconnects, 2004. on Proceedings. 12th Annual IEEE Symposium, p.70-76, August 05-07, 2004 [doi>10.1109/CONECT.2004.1375206]
	168	Nicholas Weaver , Stuart Staniford , Vern Paxson, Very fast containment of scanning worms, Proceedings of the 13th conference on USENIX Security Symposium, p.3-3, August 09-13, 2004, San Diego, CA
	169	Weiser, M. 1984. Program slicing. IEEE Trans. Softw. Eng. 10, 4, 352--357.
	170	Whyte, D., Kranakis, E., and Oorschot, P. C. V. 2005. Dns-Based detection of scanning worms in an enterprise network. In Proceedings of the 12th Annual Network and Distributed System Security Symposium.
	171	Wilander, J. and Kamkar, M. 2003. A comparison of publicly available tools for dynamic buffer overflow prevention. In Proceedings of the 10th Annual Network and Distributed System Security Symposium.
	172	Matthew M. Williamson, Throttling Viruses: Restricting propagation to defeat malicious mobile code, Proceedings of the 18th Annual Computer Security Applications Conference, p.61, December 09-13, 2002
	173	Glynn Winskel, The formal semantics of programming languages: an introduction, MIT Press, Cambridge, MA, 1993
	174	Yichen Xie , Alex Aiken, Scalable error detection using boolean satisfiability, Proceedings of the 32nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages, p.351-363, January 12-14, 2005, Long Beach, California, USA
	175	Xu, J., Kalbarczyk, Z., and Iyer, R. K. 2003. Transparent runtime randomization for security. In Proceedings of the IEEE Symposium on Reliability in Distributed Software (SRDS).
	176	Junfeng Yang , Paul Twohey , Dawson Engler , Madanlal Musuvathi, Using model checking to find serious file system errors, Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation, p.19-19, December 06-08, 2004, San Francisco, CA
	177	Vinod Yegneswaran , Jonathon T. Giffin , Paul Barford , Somesh Jha, An architecture for generating semantics-aware signatures, Proceedings of the 14th conference on USENIX Security Symposium, p.7-7, July 31-August 05, 2005, Baltimore, MD
	178	Zegura, E., Calvert, K., and Bhattacharjee, S. 1996. How to model an internetwork. In Proceedings of the Annual Joint Conference of the IEEE Computer Communications Societies (IEEE INFOCOM).
	179	Lantian Zheng , Stephen Chong , Andrew C. Myers , Steve Zdancewic, Using Replication and Partitioning to Build Secure Distributed Systems, Proceedings of the 2003 IEEE Symposium on Security and Privacy, p.236, May 11-14, 2003
	180	Cliff Changchun Zou , Lixin Gao , Weibo Gong , Don Towsley, Monitoring and early warning for internet worms, Proceedings of the 10th ACM conference on Computer and communications security, October 27-30, 2003, Washington D.C., USA [doi>10.1145/948109.948136]