Serum system: An automatic curing system for worms and buffer overflow-based botnets

Li Han Chen, Fu Hau Hsu, Shih Jen Chen, Chia Jun Lin, Yan Ling Hwang

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

We propose an automatic defense system, called Serum System, against scanning worms. The homeland security department of a country can use Serum System to protect its Internet infrastructure. When an infecting host is infecting a Serum System host, called Serum System Server (SSS), the SSS automatically replaces the shellcode inside the infecting string with its code (called serum code) and then uses the modified string (called serum string) to counterattack the infecting host and take control of it. The serum code transforms the infecting host into a Serum System Client (SSC) that has the same functions as the SSS and is immune to the same worm. Therefore, infecting hosts attacking SSSs or SSCs will transform themselves to SSCs. We implemented Serum System on Linux. Our analyses show Serum System can automatically defeat related infected hosts.

Original languageEnglish
Title of host publicationApplied Science and Precision Engineering Innovation
Pages923-927
Number of pages5
DOIs
StatePublished - 2014
EventInternational Applied Science and Precision Engineering Conference 2013, ASPEC 2013 - NanTou, Taiwan
Duration: 18 Oct 201322 Oct 2013

Publication series

NameApplied Mechanics and Materials
Volume479-480
ISSN (Print)1660-9336
ISSN (Electronic)1662-7482

Conference

ConferenceInternational Applied Science and Precision Engineering Conference 2013, ASPEC 2013
Country/TerritoryTaiwan
CityNanTou
Period18/10/1322/10/13

Keywords

  • Computer crime
  • Network security
  • System security
  • Worm

Fingerprint

Dive into the research topics of 'Serum system: An automatic curing system for worms and buffer overflow-based botnets'. Together they form a unique fingerprint.

Cite this