Accelerating the Propagation of Active Worms by Employing Multiple Target Discovery Techniques

Recently, active worms have done significant damage due to their rapid propagation over the Internet. We studied propagation mechanisms of active worms employing single target discovery technique and various combinations of two or three different target discovery techniques from attackers' perspective. We performed a series of simulation experiments to investigate their propagation characteristics under various scenarios. We found uniform scanning to be an indispensable elementary target discovery technique of active worms. Our major contributions in this paper are first, we proposed the discrete time deterministic Compensation Factor Adjusted Propagation (CFAP) model of active worms; and second, we suggested the combination of target discovery techniques that can best accelerate propagation of active worms discovered from results of the comprehensive simulations. The significance of this paper lies in it being very beneficial to understanding of propagation mechanisms of active worms, and thus building effective and efficient defense systems against their propagation.

[1]  Stefan Savage,et al.  Inside the Slammer Worm , 2003, IEEE Secur. Priv..

[2]  Alexander Grey,et al.  The Mathematical Theory of Infectious Diseases and Its Applications , 1977 .

[3]  Robert K. Cunningham,et al.  A taxonomy of computer worms , 2003, WORM '03.

[4]  Eugene H. Spafford,et al.  The internet worm program: an analysis , 1989, CCRV.

[5]  Kevin A. Kwiat,et al.  Modeling the spread of active worms , 2003, IEEE INFOCOM 2003. Twenty-second Annual Joint Conference of the IEEE Computer and Communications Societies (IEEE Cat. No.03CH37428).

[6]  Hal Berghel,et al.  The Code Red Worm , 2001, CACM.

[7]  David Moore,et al.  The Spread of the Witty Worm , 2004, IEEE Secur. Priv..

[8]  Yang Wang,et al.  Modeling the effects of timing parameters on virus propagation , 2003, WORM '03.

[9]  Yang Xiang,et al.  Propagation of active worms: A survey , 2009, Comput. Syst. Sci. Eng..

[10]  Tamer Basar,et al.  Stochastic behavior of random constant scanning worms , 2005, Proceedings. 14th International Conference on Computer Communications and Networks, 2005. ICCCN 2005..

[11]  H. Andersson,et al.  Stochastic Epidemic Models and Their Statistical Analysis , 2000 .

[12]  Saurabh Bagchi,et al.  Modeling and Automated Containment of Worms , 2008, IEEE Trans. Dependable Secur. Comput..

[13]  N. Ling The Mathematical Theory of Infectious Diseases and its applications , 1978 .

[14]  Stefan Savage,et al.  Self-stopping worms , 2005, WORM '05.

[15]  Vern Paxson,et al.  How to Own the Internet in Your Spare Time , 2002, USENIX Security Symposium.

[16]  Donald F. Towsley,et al.  Code red worm propagation modeling and analysis , 2002, CCS '02.

[17]  J. Frauenthal Mathematical Modeling in Epidemiology , 1980 .

[18]  David Moore,et al.  Code-Red: a case study on the spread and victims of an internet worm , 2002, IMW '02.

[19]  Donald F. Towsley,et al.  On the performance of Internet worm scanning strategies , 2006, Perform. Evaluation.

[20]  Bernhard Plattner,et al.  Experiences with worm propagation simulations , 2003, WORM '03.

[21]  Matthew C. Elder,et al.  Recent worms: a survey and trends , 2003, WORM '03.

[22]  R. May,et al.  Infectious Diseases of Humans: Dynamics and Control , 1991, Annals of Internal Medicine.

[23]  Daryl J. Daley,et al.  Epidemic Modelling: An Introduction , 1999 .

[24]  Daniel P. W. Ellis,et al.  Worm anatomy and model , 2003, WORM '03.

[25]  B ShroffNess,et al.  Modeling and Automated Containment of Worms , 2008 .

[26]  Hal Berghel Digital: The Y2K e-commerce tumble , 2001, Commun. ACM.