A self-propagation malware works as follows. When a machine is infected, it will initiate TCP connections with
Fantastic news! We've Found the answer you've been seeking!
Question:
A self-propagation malware works as follows. When a machine is infected, it will initiate TCP connections with other machines that it has connected with before. Then 240KB data will be transferred to the target to infect it. Assume that the traffic is NOT encrypted.
Please explain, if we are using software defined networks (SDN), how can we detect and mitigate such attacks? Please discuss from the following aspects:
(1) what type of information does the SDN controller need to collect from network traffic and analyze to detect the anomaly?
(2) After detection, what will the controller do to stop further malware propagation?
Related Book For
Posted Date: