Date Added: Jan 2011
The ability of worms to spread at rates that effectively preclude human-directed reaction has elevated them to a first-class security threat to distributed systems. The authors present the first reaction mechanism that seeks to automatically patch vulnerable software. The system employs a collection of sensors that detect and capture potential worm infection vectors. They automatically test the effects of these vectors on appropriately-instrumented sandboxed instances of the targeted application, trying to identify the exploited software weakness. The heuristics allow one to automatically generate patches that can protect against certain classes of attack, and test the resistance of the patched application against the infection vector.