Modeling the propagation of Peer-to-Peer worms under quarantine

Peer-to-Peer (P2P) worms have become a serious problem on the Internet because of its adaptive propagation features. Due to the complexity of the problem, no existing work has solved the problem of modeling the propagation of P2P worms, especially when quarantine of peers is enforced. This paper presents a study on modeling the propagation of P2P worms under quarantine. We strive to find a quarantine tactic which is able to protect the majority of the peers by quarantining only the minority of them. Our major contributions in this paper are firstly, we propose a novel logic matrix approach to modeling the propagation of P2P worms; and secondly, we find the impacts of the two different quarantine tactics on the propagation characteristics of P2P worms. Motivated by our aspiration to invent an easy-to-employ instrument for worm propagation research, the proposed approach models the propagation processes of P2P worms by difference equations of logic matrix, which are essentially discrete-time deterministic propagation models of P2P worms. To the best of our knowledge, we are the first using logic matrix in network security research in general and worm propagation modeling in particular.

[1]  Yang Xiang,et al.  Propagation of active worms: A survey , 2009, Comput. Syst. Sci. Eng..

[2]  Alexander Grey,et al.  The Mathematical Theory of Infectious Diseases and Its Applications , 1977 .

[3]  N. Ling The Mathematical Theory of Infectious Diseases and its applications , 1978 .

[4]  R. May,et al.  Infectious Diseases of Humans: Dynamics and Control , 1991, Annals of Internal Medicine.

[5]  Donald F. Towsley,et al.  Code red worm propagation modeling and analysis , 2002, CCS '02.

[6]  H. Andersson,et al.  Stochastic Epidemic Models and Their Statistical Analysis , 2000 .

[7]  Iván Arce,et al.  An Analysis of the Slapper Worm , 2003, IEEE Secur. Priv..

[8]  Daryl J. Daley,et al.  Epidemic Modelling: An Introduction , 1999 .

[9]  Eugene H. Spafford,et al.  The internet worm program: an analysis , 1989, CCRV.

[10]  Tamer Basar,et al.  Stochastic behavior of random constant scanning worms , 2005, Proceedings. 14th International Conference on Computer Communications and Networks, 2005. ICCCN 2005..

[11]  Chuanyi Ji,et al.  Importance-scanning worm using vulnerable-host distribution , 2005, GLOBECOM '05. IEEE Global Telecommunications Conference, 2005..

[12]  Wei Yu Analyze the worm-based attack in large scale P2P networks , 2004, Eighth IEEE International Symposium on High Assurance Systems Engineering, 2004. Proceedings..

[13]  Robert K. Cunningham,et al.  A taxonomy of computer worms , 2003, WORM '03.

[14]  J. Frauenthal Mathematical Modeling in Epidemiology , 1980 .

[15]  David Moore,et al.  Code-Red: a case study on the spread and victims of an internet worm , 2002, IMW '02.

[16]  Donald F. Towsley,et al.  On the performance of Internet worm scanning strategies , 2006, Perform. Evaluation.

[17]  Chuanyi Ji,et al.  A self-learning worm using importance scanning , 2005, WORM '05.

[18]  Yang Wang,et al.  Modeling the effects of timing parameters on virus propagation , 2003, WORM '03.

[19]  Vern Paxson,et al.  How to Own the Internet in Your Spare Time , 2002, USENIX Security Symposium.

[20]  Saurabh Bagchi,et al.  Modeling and Automated Containment of Worms , 2008, IEEE Trans. Dependable Secur. Comput..

[21]  Kevin A. Kwiat,et al.  Modeling the spread of active worms , 2003, IEEE INFOCOM 2003. Twenty-second Annual Joint Conference of the IEEE Computer and Communications Societies (IEEE Cat. No.03CH37428).

[22]  Don Towsley,et al.  Routing worm: a fast, selective attack worm based on IP address information , 2005, Workshop on Principles of Advanced and Distributed Simulation (PADS'05).