Internet Worms: Propagation Modeling and Analysis
2005
Several Internet-scale incidents from the recent years have demonstrated the ability of self-propagating code, also known as "network worms", to infect large numbers of hosts, exploiting vulnerabilities in the largely deployed operating systems and applications. Capable of infecting a substantial portion of the hosts within several minutes, and impacting the world-wide network operations by generating a distributed denial of service (DDoS) attack on the whole Internet, network worms are considered a major security threat. So, a better understanding of the worms' propagation means will help to implement a more efficient detection and defense. Recent worm incidents have indicated a lot of interest in implementing a variety of scanning strategies to increase the worms' spreading speed and defeat security defense measures. In this paper, we present some mathematical models to analyze various scanning strategies that attackers have already used or might use in the f...
Related papers
IJERT-Analyzing The Behaviour And Propagation Traffic Generated By Active Worms
International Journal of Engineering Research and Technology (IJERT), 2013
https://www.ijert.org/analyzing-the-behaviour-and-propagation-traffic-generated-by-active-worms
https://www.ijert.org/research/analyzing-the-behaviour-and-propagation-traffic-generated-by-active-worms-IJERTV2IS60435.pdf
Because of their ability to self-propagate, active worms pose major threats to computers connected to the Internet. These worms propagate continuously over the Internet in an automated fashion, compromising computers and posing major security threats. It is necessary to identify such worms at some stage and to stop their propagation and the destruction they cause. This can be done by studying their behaviour and implementing certain detection schemes. In this paper we analyze various computer worms, their behaviour, and the propagation traffic they generate.
An Analytical Survey of Recent Worm Attacks
IJCSNS, 2011
In this paper, I will present a broad overview of recent worm attacks starting from the year 2000 through 2011. Some of the most ‘notorious’ worms were discovered during this period, including Code Red, Slammer, and Conficker. Though this paper does not contain any original research, it is meant to provide malware researchers with well-documented information on some worms that caused havoc during the said period. After sifting through thousands of entries on virus information repositories, I present, in this paper, only those that I considered novel in their approach, primarily from a technical perspective. As a summary to the paper, I have presented a broad overview of trends that I extracted from this raw data and also focussed on the ever-increasing destructive potential of worms.
New Multi-step Worm Attack Model
Computing Research Repository, 2010
Traditional worms such as Blaster, Code Red, Slammer and Sasser are still infecting vulnerable machines on the Internet. They will remain significant threats due to their fast-spreading nature. The attack patterns of various traditional worms have been analyzed from logs at different OSI layers, such as victim logs, attacker logs and IDS alert logs. These attack patterns can be abstracted to form a worm attack model, which describes the process of worm infection. For the purpose of this paper, only Blaster variants were used during the experiment. This paper proposes a multi-step worm attack model which can be extended into the research areas of alert correlation and computer forensic investigation.
Measuring network-aware worm spreading ability
2007
This work investigates three aspects: (a) a network vulnerability as the non-uniform vulnerable-host distribution, (b) threats, i.e., intelligent worms that exploit such a vulnerability, and (c) defense, i.e., challenges for fighting the threats. We first study five data sets and observe consistent clustered vulnerable-host distributions. We then present a new metric, referred to as the non-uniformity factor, which quantifies the unevenness of a vulnerable-host distribution.