An Architecture for Network Security Using Feedback Control

In the past active worms have taken hours if not days to spread effectively. This gives sufficient time for humans to recognize the threat and limit the potential damage. This is not the case anymore. Modern viruses spread very quickly. Damage caused by modern computer viruses (example – Code red, sapphire and Nimda) is greatly enhanced by the rate at which they spread. Most of these viruses have an exponential spreading pattern. Future worms will exploit vulnerabilities in software systems that are not known prior to the attack. Neither the worm nor the vulnerabilities they exploit will be known before the attack and thus we cannot prevent the spread of these viruses by software patches or antiviral signatures. Hence there is a need to control fast spreading viruses automatically since they cannot be curtailed only by human initiated control. Some of the automatic approaches like quarantining the systems and shutting down the systems reduce the performance of the network. False positives are one more area of concern. Feedback control strategy is desirable in such systems because well-established techniques exist to handle and control such systems. Our technique is based on the fact that an infected machine tries to make connections at a faster rate than the machine that is not infected. The idea is to implement a filter, which restricts the rate at which a computer makes connection to other machines. The delay introduced by such an approach for normal traffic is very low (0.5-1 Hz). This rate can severely restrict the spread of high-speed worm spreading at rates of at least 200 Hz. As a first step, we apply feedback control to the first level of hierarchy (i.e., host). We will then expand the model to further levels (e.g., firewalls, IDS) as shown next in the description of the system architecture.

Authors and Affiliations

1. Department of Computer Science, University of North Texas,  

   Ram Dantu

2. Department of Computer Science, University of Texas at Dallas,  

   João W. Cangussu

Editors and Affiliations

1. Department of Library and Information Science, Rutgers University,  

   Paul Kantor

2. School of Communication, Information and Library Studies, Rutgers University, 4 Huntington Street, 08901-1071, New Brunswick, NJ, USA

   Gheorghe Muresan

3. Artificial Solutions, Altonaer Poststraße 13b, 22767, Hamburg, Germany

   Fred Roberts

4. MIS Department, University of Arizona, 85721, Tucson, AZ, USA

   Daniel D. Zeng

5. Institute of Automation, Chinese Academy of Sciences, Beijing, China

   Fei-Yue Wang

6. Department of Management Information Systems, Eller College of Management, The University of Arizona, 85721, AZ, USA

   Hsinchun Chen

7. College of Computing, Georgia Tech Information Security Center, Georgia Institute of Technology, 801 Atlantic Drive, 30332-0280, Atlanta, GA, USA

   Ralph C. Merkle

Reprints and permissions

© 2005 Springer-Verlag Berlin Heidelberg

Policies and ethics