EARLY DETECTION AND CONTAINMENT OF NETWORK WORM
Abstract
This paper presents a network security framework for containing the propagation of network worms. The framework employs a detection mechanism at the network layer to identify the presence of a network worm and a data-link containment solution to block the infected host. A prototype of the mechanism has been used to demonstrate the effectiveness of the developed framework. An empirical analysis of network worm propagation has been conducted to test the framework. The results show that the developed framework is effective in containing network worms with almost no false positives.