Simulation and Evaluation of a New Algorithm of Worm Detection and Containment

Internet worm attacks have become increasingly frequent and have caused enormous damage to the Internet community in recent years. A new security service that monitors ongoing worm activity on the Internet and automatically restricts the worm spreading rate will greatly contribute to the security management of modern enterprise networks. Based on a comparison and analysis of many worm detection and containment strategies, this paper proposes a new and effective algorithm for detecting and containing network worms. The principle of the algorithm is an improved two-rotation process for detecting and containing worms. Simulation results show that the algorithm effectively detects and slows down both rapid scanning worms and "stealthy" worms, whose propagation rate is slower than that of the former. To reduce the number of false positives, the impact of normal network activity is also taken into account. Finally, the simulation analyzes the algorithm's worm detection performance under normal and congested network backgrounds.
