In the time it takes to read this sentence, the Slammer worm was able to probe over a hundred million Internet hosts. Worse, this attack was both trivial and unsophisticated. Indeed, the ability to easily compromise tens of thousands of Internet hosts has emerged as the backbone of a criminal economy that includes SPAM, denial-of-service extortion, phishing, piracy and on-line identity theft. Keeping up with such prodigious speed and such broad reach continues to present new challenges for network monitoring and defense. This talk focuses on these scaling challenges in the context of two concrete systems: Earlybird - a line-rate system for automatically inferring signatures for new network worms in seconds, and Potemkin - a high-fidelity honeyfarm system designed to efficiently scale to millions of live hosts.