Measurement and analysis of worm propagation on Internet network topology

There has been a constant barrage of worms over the Internet during the recent past. Besides threatening network security, these worms cause an enormous economic burden in terms of loss of productivity at the victim hosts. In addition, these worms create unnecessary network data traffic that causes network congestion, thereby hurting all users. To develop appropriate tools for thwarting quick spread of worms, researchers are trying to understand the behavior of the worm propagation with the aid of epidemiological models. In this study, we apply the classical SIS model and a modification of SIR model to simulate worm propagation in two different network topologies. Whereas in the SIR model once a node is cured after infection it becomes permanently immune, our modification allows this immunity to be temporary, since the cured nodes may again become infected, maybe with a different strain of the same worm. The simulation study also shows that time to infect a large portion of the network vary significantly depending on where the infection begins. This information could be usefully employed to choose hosts for quarantine to delay worm propagation to the rest of the network

[1]  Donald F. Towsley,et al.  Code red worm propagation modeling and analysis , 2002, CCS '02.

[2]  David Moore,et al.  Code-Red: a case study on the spread and victims of an internet worm , 2002, IMW '02.

[3]  Eugene H. Spafford,et al.  The Internet Worm Incident , 1989, ESEC.

[4]  Kevin A. Kwiat,et al.  Modeling the spread of active worms , 2003, IEEE INFOCOM 2003. Twenty-second Annual Joint Conference of the IEEE Computer and Communications Societies (IEEE Cat. No.03CH37428).

[5]  Ellen W. Zegura,et al.  How to model an internetwork , 1996, Proceedings of IEEE INFOCOM '96. Conference on Computer Communications.

[6]  Christos Faloutsos,et al.  Epidemic spreading in real networks: an eigenvalue viewpoint , 2003, 22nd International Symposium on Reliable Distributed Systems, 2003. Proceedings..

[7]  Jeffrey O. Kephart,et al.  Measuring and modeling computer virus prevalence , 1993, Proceedings 1993 IEEE Computer Society Symposium on Research in Security and Privacy.

[8]  David Moore,et al.  Internet quarantine: requirements for containing self-propagating code , 2003, IEEE INFOCOM 2003. Twenty-second Annual Joint Conference of the IEEE Computer and Communications Societies (IEEE Cat. No.03CH37428).

[9]  Fred Cohen,et al.  Computer viruses—theory and experiments , 1990 .

[10]  J. Frauenthal Mathematical Modeling in Epidemiology , 1980 .

[11]  Matthew C. Elder,et al.  On computer viral infection and the effect of immunization , 2000, Proceedings 16th Annual Computer Security Applications Conference (ACSAC'00).

[12]  Jeffrey O. Kephart,et al.  Directed-graph epidemiological models of computer viruses , 1991, Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy.

[13]  Leah Edelstein-Keshet,et al.  Mathematical models in biology , 2005, Classics in applied mathematics.

[14]  Yang Wang,et al.  Modeling the effects of timing parameters on virus propagation , 2003, WORM '03.

[15]  Vern Paxson,et al.  How to Own the Internet in Your Spare Time , 2002, USENIX Security Symposium.