Pulse quarantine strategy of internet worm propagation: Modeling and analysis

Worms can spread throughout the Internet very quickly and are a great security threat. The constant quarantine strategy is a defensive measure against worms, but its reliability under current imperfect intrusion detection systems is poor. A pulse quarantine strategy is therefore proposed in this study. The pulse quarantine strategy adopts a hybrid intrusion detection system with both misuse and anomaly detection. Analysis of the corresponding worm propagation models yields its stability condition: when the basic reproduction number is less than one, the model is stable at its infection-free periodic equilibrium point, where worms are eliminated. Numerical and simulation experiments show that the constant quarantine strategy is inefficient because of its high demand on the patching rate at "birth", whereas the pulse quarantine strategy can lead to worm elimination with a relatively low value of that rate. As patching almost all hosts in an actual network is difficult, the pulse quarantine strategy is more effective in worm elimination.
