Modeling and Automated Containment of Worms

Get BibTex-formatted data

Download

PDF

Author

Sarah Sellke, Ness B. Shroff, and Saurabh Bagchi

Tech report number

CERIAS TR 2005-88

Entry type

techreport

Abstract

Self-propagating codes, called worms, such as Code Red, Nimda, and Slammer, have drawn significant attention due to their enormous adverse impact on the Internet. There is a great interest in the research community in modeling the spread of worms and in providing adequate defense mechanisms against them. In this paper, we present a (stochastic) branching process model for characterizing the propagation of Internet worms. This model leads to the development of an automatic worm containment strategy that prevents the spread of worms beyond its early stages. Specifically, using the branching process model, we are able to (1) provide a precise condition that determines whether the worm will eventually die out and (2) provdide the probability that the total number of hosts that the worm infects will be below a certain level. We use these insights to develop a simple automatic worm containment scheme, which is demonstrated, through simulations and real trace data, to be both effective and non-intrusive.

Download

PDF

Date

2005

Key alpha

Modeling and Automated Containment of Worms

Publisher

International Conference on Dependable Systems and Networks

School

Purdue University

Publication Date

2005-01-01

Keywords

Internet scanning worms, stochastic worm modeling, branching process model, early phase propagation, automatic worm containmentt.

BibTex-formatted data

To refer to this entry, you may select and copy the text below and paste it into your BibTex document. Note that the text may not contain all macros that BibTex supports.

@Techreport{ Modeling and Automated Containment of Worms ,
	title = "Modeling and Automated Containment of Worms ",
	author = "Sarah Sellke, Ness B. Shroff, and Saurabh Bagchi",
	year = "2005",
	publisher = "International Conference on Dependable Systems and Networks",
	school = "Purdue University",
	abstract = "Self-propagating codes, called worms, such as Code Red, Nimda, and Slammer, have drawn significant attention due 
to their enormous adverse impact on the Internet. There is a great interest in the research community in modeling the 
spread of worms and in providing adequate defense mechanisms against them. 
In this paper, we present a (stochastic) branching process model for characterizing the propagation of Internet 
worms. This model leads to the development of an automatic worm containment strategy that prevents the spread of 
worms beyond its early stages. Specifically, using the branching process model, we are able to (1) provide a precise 
condition that determines whether the worm will eventually die out and (2) provdide the probability that the total 
number of hosts that the worm infects will be below a certain level. We use these insights to develop a simple automatic 
worm containment scheme, which is demonstrated, through simulations and real trace data, to be both effective and 
non-intrusive. ",
	keywords = "Internet scanning worms, stochastic worm modeling, branching process model, early phase propagation, automatic worm containmentt.",
}