Je hebt een klacht over de onderstaande posting:
It is possible to implement host-based detection engines [9, 1] with broad coverage that detect infection attempts with low false negatives and virtually no false positives but the overhead of detection usually grows with the degree of coverage. It would be possible to run these expensive engines continuously on a few dedicated hosts but this centralization would result in false negatives because worms can simply avoid the detectors during propagation. Vigilante relies on a large scale collaborative worm detection architecture to overcome these problems: every host can be a detector and detectors broadcast an alert to other hosts when they detect a worm outbreak. Vigilante introduces self-certifying alerts (SCAs) to eliminate the need for trusting detectors. SCAs are machine-verifiable proofs of vulnerability; they prove that an application is vulnerable. Any host can verify an SCA by using information in the SCA to reproduce the infection. By decoupling vulnerability ...
Beschrijf je klacht (Optioneel):