A Hybrid Quarantine Defense

Phillip Porras, Linda Briesemeister, Keith Skinner
SRI International
333 Ravenswood Avenue
Menlo Park, CA 94025
{phillip.porras, linda.briesemeister, keith.skinner}@sri.com

Karl Levitt, Jeff Rowe, Yu-Cheng Allen Ting
Department of Computer Science
University of California, Davis
One Shields Avenue
Davis, CA 95616
{levitt, rowe, yting}@cs.ucdavis.edu

ABSTRACT

We study the strengths, weaknesses, and potential synergies of two complementary worm quarantine defense strategies under various worm attack profiles. We observe their abilities to delay or suppress infection growth rates under two propagation techniques and three scan rates, and explore the potential synergies in combining these two complementary quarantine strategies.

We report on an ongoing study, in which we assess the comparative strengths of complementary quarantine philosophies, and explore the potential benefits of merging them to offer protection that is significantly more effective than either approach alone. Our current study examines two complementary worm quarantine strategies: one relying on autonomous gateway protection devices, and the other relying on peer-based coordinated sharing. Several variations of the algorithms discussed here