Computer Worm Ecology in Encounter-based Networks (Invited Paper)

Encounter-based network is a frequently- disconnected wireless ad-hoc network requiring immediate neighbors to store and forward aggregated data for information disseminations. Using traditional approaches such as gateways or firewalls for deterring worm propagation in encounter-based networks is inappropriate. Because this type of network is highly dynamic and has no specific boundary, we need a fully distributed security response mechanism. We propose the worm interaction approach that relies upon automated beneficial worm generation aiming to alleviate problems of worm propagations in such networks. This work is motivated by the 'War of the Worms' of the Internet worms between competing worms such as NetSky, Bagle and MyDoom. To understand the dynamic of worm interactions and its performance, we mathematically model several classes of worms and interactions using ordinary differential equations and analyze their behaviors.

[1]  Ahmed Helmy,et al.  Brief Announcement: Analyzing the Interactions of Self-propagating Codes in Multi-hop Networks , 2006, SSS.

[2]  H. Trottier,et al.  Deterministic Modeling Of Infectious Diseases: Theory And Methods , 2000 .

[3]  Kevin A. Kwiat,et al.  Modeling the spread of active worms , 2003, IEEE INFOCOM 2003. Twenty-second Annual Joint Conference of the IEEE Computer and Communications Societies (IEEE Cat. No.03CH37428).

[4]  Ram Dantu,et al.  Dynamic control of worm propagation , 2004, International Conference on Information Technology: Coding and Computing, 2004. Proceedings. ITCC 2004..

[5]  Peter Szor,et al.  The Art of Computer Virus Research and Defense , 2005 .

[6]  David M. Nicol,et al.  Multiscale Modeling and Simulation of Worm Effects on the Internet Routing Infrastructure , 2003, Computer Performance Evaluation / TOOLS.

[7]  David Moore,et al.  Internet quarantine: requirements for containing self-propagating code , 2003, IEEE INFOCOM 2003. Twenty-second Annual Joint Conference of the IEEE Computer and Communications Societies (IEEE Cat. No.03CH37428).

[8]  W. O. Kermack,et al.  A contribution to the mathematical theory of epidemics , 1927 .

[9]  David M. Nicol,et al.  Models and Analysis of Active Worm Defense , 2005, MMM-ACNS.

[10]  J. Frauenthal Mathematical Modeling in Epidemiology , 1980 .

[11]  Ayalvadi J. Ganesh,et al.  On the effectiveness of automatic patching , 2005, WORM '05.

[12]  A. Helmy,et al.  VACCINE : War of the Worms in Wired and Wireless Networks , 2005 .

[13]  Donald F. Towsley,et al.  Performance modeling of epidemic routing , 2006, Comput. Networks.

[14]  Jun Xu,et al.  WORM vs. WORM: preliminary study of an active counter-attack mechanism , 2004, WORM '04.

[15]  Donald F. Towsley,et al.  Code red worm propagation modeling and analysis , 2002, CCS '02.

[16]  Vern Paxson,et al.  Proceedings of the 13th USENIX Security Symposium , 2022 .

[17]  Donald F. Towsley,et al.  The effect of network topology on the spread of epidemics , 2005, Proceedings IEEE 24th Annual Joint Conference of the IEEE Computer and Communications Societies..

[18]  George Kesidis,et al.  Preliminary results using scale-down to explore worm dynamics , 2004, WORM '04.

[19]  Amin Vahdat,et al.  Epidemic Routing for Partially-Connected Ad Hoc Networks , 2009 .