Effectiveness of Quarantine in Worm Epidemics

Quarantine is a natural concept borrowed from human disease control to slow down worm outbreaks. We study the effectiveness of partial quarantine for simple epidemics (without removals) and find that the optimal quarantine strategy is not as simple as expected. The strategy depends on which networks are most important to protect. We also investigate the effectiveness of quarantine for general epidemics (with removals) and derive the critical threshold for networks to have herd immunity. We show that, given a limited capability to quarantine a given number of networks, the optimal quarantine strategy is to isolate the networks small enough to have herd immunity, and then divide the remaining networks as evenly as possible.
