Angelos Keromytis
Columbia University

An End-Point Solution to Zero-Day Worms


I will present a reactive mechanism that protects software services against
network worms and other similar malware for which no known fix is available at
the time of infection. The system works by automatically patching the
vulnerable software. Our preliminary results against worms like Slammer and
Blaster indicate an 80% success rate in automatically identifying and fixing
the flaw in the source code. I will discuss the design, implementation,
experimental evaluation, and limitations of the system, as well as our plans
for overcoming these. The system is part of SABER, a survivable services
architecture developed at the Network Security Lab at Columbia. 

For more details, see