Question
A self-propagation malware works as follows. When a machine is infected, it will initiate TCP connections with other machines that it has connected with before.
A self-propagation malware works as follows. When a machine is infected, it will initiate TCP connections with other machines that it has connected with before. Then 240KB data will be transferred to the target to infect it. Assume that the traffic is NOT encrypted.
Please explain, if we are using software defined networks (SDN), how can we detect and mitigate such attacks? Please discuss from the following aspects:
(1) what type of information does the SDN controller need to collect from network traffic and analyze to detect the anomaly?
(2) After detection, what will the controller do to stop further malware propagation?
Step by Step Solution
There are 3 Steps involved in it
Step: 1
Get Instant Access to Expert-Tailored Solutions
See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started
Entrepreneurship
Authors: Andrew Zacharakis, William D Bygrave
5th Edition
1119563097, 9781119563099
