Analysis of countermeasures of worm propagations and interactions in wired and wireless networks
暂无分享,去创建一个
“War of the worms” is a war between opposing computer worms, creating complex worm interactions as well as a detrimental impact on infrastructure. For example, in September 2003 the Welchia worms were launched to terminate the Blaster worms and patch the vulnerable hosts. We propose a new Worm Interaction Model (based upon and extending beyond the epidemic model) focusing on random-scan network worm interactions and encounter-based worm interactions.
Motivated by “war of the worms”, we propose a worm interaction approach that relies upon automated beneficial worm generation aiming to alleviate problems of worm propagations in such networks. We also propose a new set of metrics to quantify the effectiveness of one worm terminating other worm. To understand the dynamic of worm interactions and its performance, we mathematically model worm interactions based on major worm interaction factors including worm interaction types, network characteristics, and node characteristics using ordinary differential equations and analyze their effects on our proposed metrics. Our study provides the first work to characterize and investigate worm interactions of random-scan worms in multi-hop networks.
For encounter-based worms, we validate our proposed model using extensive synthetic and trace-driven simulations. We find that, all the above worm interaction factors significantly affect the pattern of worm propagations. For example, immunization linearly decreases the infection of susceptible nodes while on-off behavior only impacts the duration of infection. Using realistic mobile network measurements, we find that encounters are “bursty”, multi-group and non-uniform. The trends from the trace-driven simulations are consistent with the model, in general. Immunization and timely deployment seem to be the most effective to counter the worm attacks in such scenarios while cooperation may help in a specific case. These findings provide insight that we hope would aid to develop counter-worm protocols in future encounter-based networks.