Seminar -- Wed., Feb. 26th, 2003
Speaker: Nicholas Weaver, Silicon Defense/UC Berkeley
Title: "How Many Ways to Own the Internet: Towards Viable Worm Defenses"
Abstract:
Computer worms, autonomous programs which can spread through a computer network, represent a substantial threat to our computing infrastructure. With the release of Sapphire/Slammer, very fast computer worms are now a real, not theoretical, threat. Such worms easily outpace human defenses. Any robust defense will require automatic detection, analysis, and response mechanisms.
To create these defenses, we first must understand the strategies attackers could employ. Fortunately, there seem to be only a few mechanisms which worms can use to find new targets: random selection; external, pregenerated, and internal target lists; and passive techniques. Some of these techniques have been used before, while others represent novel strategies. Once these techniques are understood, it becomes possible to construct detectors, analysis tools, and response mechanisms. We then discuss in detail one of our proposed detector/analysis systems: wormholes and a honeyfarm. This detector would be highly sensitive to worm activity.