Encounter-based worms: analysis and defense

In this article they develop the aggressive one-sided interaction worm model for understanding the distributed security response mechanism using beneficial worm in encounter-based network. In addition, we propose the two-group concept on worm propagation in encounter-based networks. We simulate such worm interaction and find that the inter- encounter rate plays an important role in determining total infectives. We attenuate the vaccination and termination rate to reduce unnecessary communication overhead of individual predator infective, finding that the counter limit that controls the attenuation must be carefully assigned to have equivalent performance as the approach without counter limit does. Further study is needed on modeling encounter patterns of real users. We plan to extract such users' behavior from wireless LAN trace of major universities, e.g. University of Southern California, and Dartmouth College.

[1]  David M. Nicol,et al.  Models and Analysis of Active Worm Defense , 2005, MMM-ACNS.

[2]  Paul D. Ezhilchelvan,et al.  A Family of Encounter-Based Broadcast Protocols for Mobile Ad-Hoc Networks , 2004, EuroNGI Workshop.

[3]  A. Helmy,et al.  VACCINE : War of the Worms in Wired and Wireless Networks , 2005 .

[4]  Donald F. Towsley,et al.  Performance modeling of epidemic routing , 2006, Comput. Networks.

[5]  Ahmed Helmy,et al.  On the Performance Evaluation of Encounter-based Worm Interactions Based on Node Characteristics , 2007, ArXiv.

[6]  Donald F. Towsley,et al.  The effect of network topology on the spread of epidemics , 2005, Proceedings IEEE 24th Annual Joint Conference of the IEEE Computer and Communications Societies..

[7]  Jun Xu,et al.  WORM vs. WORM: preliminary study of an active counter-attack mechanism , 2004, WORM '04.

[8]  Ahmed Helmy,et al.  Computer Worm Ecology in Encounter-based Networks (Invited Paper) , 2008 .

[9]  Ahmed Helmy,et al.  On the performance evaluation and prediction of encounter-based worm interactions based on node characteristics , 2007, CHANTS '07.

[10]  Ayalvadi J. Ganesh,et al.  On the effectiveness of automatic patching , 2005, WORM '05.

[11]  W. O. Kermack,et al.  A contribution to the mathematical theory of epidemics , 1927 .

[12]  H. Trottier,et al.  Deterministic Modeling Of Infectious Diseases: Theory And Methods , 2000 .

[13]  Donald F. Towsley,et al.  Code red worm propagation modeling and analysis , 2002, CCS '02.

[14]  Peter Szor,et al.  The Art of Computer Virus Research and Defense , 2005 .

[15]  Wei-jen Hsu,et al.  On Modeling User Associations in Wireless LAN Traces on University Campuses , 2006, 2006 4th International Symposium on Modeling and Optimization in Mobile, Ad Hoc and Wireless Networks.

[16]  David Moore,et al.  Internet quarantine: requirements for containing self-propagating code , 2003, IEEE INFOCOM 2003. Twenty-second Annual Joint Conference of the IEEE Computer and Communications Societies (IEEE Cat. No.03CH37428).

[17]  Pan Hui,et al.  Impact of Human Mobility on the Design of Opportunistic Forwarding Algorithms , 2006, Proceedings IEEE INFOCOM 2006. 25TH IEEE International Conference on Computer Communications.

[18]  Kevin A. Kwiat,et al.  Modeling the spread of active worms , 2003, IEEE INFOCOM 2003. Twenty-second Annual Joint Conference of the IEEE Computer and Communications Societies (IEEE Cat. No.03CH37428).