Worm Fingerprinting and Filtering In Linux Kernel With Netfilter
Course: CS558L - Internetworking and Distributed Systems Laboratory
Professor: William Cheng (course website)
Team Members: Jui-Hung Chang, Shu-Fen Lin
Summary

Main Reference:

S. Singh, C. Estan, G. Varghese and S. Savage. Automated worm fingerprinting. Presented at Proceedings of the Sixth Symposium on Operating Systems Design and Implementation (OSDI'04).

The idea of this project is that packets carrying a malicious program must share the same chunks of content somewhere in their payloads. To launch an effective attack, the number of such packets must be large. Therefore, if a program can detect this feature of the attack packets and then add the key to the firewall, it will work as a basic Intrusion Detection System (IDS).
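The repeated-content counting step described above, as an added example that is not the project's own code: it counts how many distinct packets contain each fixed-length payload substring and reports the first one that crosses a threshold. The names `prevalence_feed` and `lookup`, the values of `WINDOW`, `SLOTS` and `THRESHOLD`, and the sample payloads are assumptions made for illustration; packet capture with libpcap and the firewall update are left out.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define WINDOW    8     /* substring length in bytes (assumed value) */
#define SLOTS     4096  /* counter table size (assumed value) */
#define THRESHOLD 3     /* packets that must share a substring (assumed value) */

static struct slot { uint8_t key[WINDOW]; uint32_t count, last_pkt; } table[SLOTS];
static uint32_t pkt_seq;   /* number of packets fed so far */

static uint32_t fnv1a(const uint8_t *p, size_t n) {
    uint32_t h = 2166136261u;
    while (n--) { h ^= *p++; h *= 16777619u; }
    return h;
}

/* Find the counter for one WINDOW-byte substring, claiming an empty slot if new. */
static struct slot *lookup(const uint8_t *w) {
    uint32_t i = fnv1a(w, WINDOW) % SLOTS;
    for (uint32_t probes = 0; probes < SLOTS; probes++, i = (i + 1) % SLOTS) {
        if (table[i].count == 0) { memcpy(table[i].key, w, WINDOW); return &table[i]; }
        if (memcmp(table[i].key, w, WINDOW) == 0) return &table[i];
    }
    return NULL;   /* table full: a real detector would age out old entries */
}

/* Count one payload. Returns the offset of the first substring now seen in
 * at least THRESHOLD distinct packets, or -1 if nothing is prevalent yet. */
int prevalence_feed(const uint8_t *payload, size_t len) {
    int hit = -1;
    pkt_seq++;
    for (size_t off = 0; off + WINDOW <= len; off++) {
        struct slot *s = lookup(payload + off);
        if (s == NULL) continue;
        if (s->last_pkt != pkt_seq) { s->last_pkt = pkt_seq; s->count++; } /* once per packet */
        if (hit < 0 && s->count >= THRESHOLD) hit = (int)off;
    }
    return hit;
}

int main(void) {
    /* Constructed payloads: three share "|PAYLOAD-MARK|", one is unrelated. */
    const char *pkts[] = { "alpha|PAYLOAD-MARK|1", "bravo-22|PAYLOAD-MARK|zz",
                           "delta delta delta delta", "c|PAYLOAD-MARK|charlie" };
    for (int i = 0; i < 4; i++)
        printf("packet %d -> %d\n", i, prevalence_feed((const uint8_t *)pkts[i], strlen(pkts[i])));
    return 0;
}
```

The bytes at the returned offset are the candidate key; a substring repeated inside a single packet, as in the third payload, is counted only once.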

In this project, we use the popular "libpcap" and Linux iptables to implement our system. The function blocks of this system are shown as follows.

system diagram

Related Documents

Final Report (Here)


The University of Southern California does not screen or control the content on this website and thus does not guarantee the accuracy, integrity, or quality of such content. All content on this website is provided by and is the sole responsibility of the person from which such content originated, and such content does not necessarily reflect the opinions of the University administration or the Board of Trustees