A taxonomy of computer worms

@inproceedings{Weaver2003ATO,
  title={A taxonomy of computer worms},
  author={Nicholas C. Weaver and Vern Paxson and Stuart Staniford-Chen and Robert K. Cunningham},
  booktitle={WORM '03},
  year={2003}
}
To understand the threat posed by computer worms, it is necessary to understand the classes of worms, the attackers who may employ them, and the potential payloads. This paper describes a preliminary taxonomy based on worm target discovery and selection strategies, worm carrier mechanisms, worm activation, possible payloads, and plausible attackers who would employ a worm. 
Defensive computer worms: an overview
TLDR
This paper discusses this very controversial topic and sheds some light on its history, philosophy, features, definitions, and design guidelines, and distinguishes between malicious and defensive worms in an attempt to break the common negative conception usually held towards computer worms.
WORM DETECTION BASED ON LOCAL VICTIM INFORMATION USING ANN
TLDR
A model for early worm detection based on worm victim behavior using Artificial Neural Networks (ANN) is introduced and the impact of using artificial intelligence in worm detection is exploited.
A Behaviour based Framework for Worm Detection
Computer Worms: Architectures, Evasion Strategies, and Detection Mechanisms
TLDR
Summarizes how worms can be detected at each of the following stages: during target discovery, while they are being distributed, while being activated at the hosts, and when they run their payloads.
Effects of security solutions on worm propagation
TLDR
The worm propagation cycle in the real world and the ways that worms exploit to spread themselves are described, and the results in the analytical worm propagation model are examined.
The tale of the weather worm
TLDR
Weather worms, worms that can automatically identify abnormal events and their location, and target computers at that physical location are introduced, which could be used to take advantage of poorly-defended computers in a disaster zone, and could amplify the effects of a physical attack.
A Tour of the Computer Worm Detection Space
TLDR
This paper presents a literature review on the worm detection techniques, highlighting the worm characteristics leveraged for detection and the limitations of the various detection techniques.
An Analysis of the Internet Parasite: A Biological Analog in the Digital World
TLDR
This study attempts to simulate parasitic behavior by extending the “parasim” simulator to more realistically model parasitic propagation across real-world topologies.
Fast Detection of Scanning Worm Infections
TLDR
The results show that this two-pronged approach successfully restricts the number of scans that a worm can complete, is highly effective, and has a low false alarm rate.
Very Fast Containment of Scanning Worms
TLDR
Containment algorithms suitable for deployment in high-speed, low-cost network hardware are developed and it is shown that these techniques can stop a scanning host after fewer than 10 scans with a very low false-positive rate.

References

SHOWING 1-10 OF 51 REFERENCES
Inside the Slammer Worm
The Slammer worm spread so quickly that human response was ineffective. In January 2003, it packed a benign payload, but its disruptive capacity was surprising. Why was it so effective and what new
Access for sale: a new class of worm
TLDR
A new type of worm is introduced that enables a division of labor in the authors of self-reproducing malware, installing a back door on each infected system that opens only when presented a system-specific ticket generated by the worm's author.
Defending against an Internet-based attack on the physical world
TLDR
The dangers that scalable Internet functionality may present to the real world are discussed, focusing on a simple yet impactful attack that is believed to occur quite soon, in order to provide a warning to the Internet community of what is currently possible.
Defending against an Internet-based attack on the physical world
We discuss the dangers that scalable Internet functionality may present to the real world, focusing upon an attack that is simple, yet can have great impact, which we believe may occur quite soon. We
Implementing and Testing a Virus Throttle
TLDR
The implementation and testing of a virus throttle is described - a program, based on a new approach, that is able to substantially reduce the spread of and hence damage caused by mobile code such as worms and viruses.
How to Own the Internet in Your Spare Time
TLDR
This work develops and evaluates several new, highly virulent possible techniques: hit-list scanning, permutation scanning, self-coordinating scanning, and use of Internet-sized hit-lists (which creates a flash worm).
Security Holes . . . Who Cares?
  • E. Rescorla
  • Computer Science
    USENIX Security Symposium
  • 2003
TLDR
An observational study of user response following the OpenSSL remote buffer overflows of July 2002 and the worm that exploited it in September 2002 finds that administrators are generally very slow to apply the fixes.
Code-Red: a case study on the spread and victims of an internet worm
TLDR
The experience of the Code-Red worm demonstrates that wide-spread vulnerabilities in Internet hosts can be exploited quickly and dramatically, and that techniques other than host patching are required to mitigate Internet worms.
Modeling the spread of active worms
  • Zesheng Chen, Lixin Gao, K. Kwiat
  • Computer Science
    IEEE INFOCOM 2003. Twenty-second Annual Joint Conference of the IEEE Computer and Communications Societies (IEEE Cat. No.03CH37428)
  • 2003
TLDR
This paper presents a mathematical model, referred to as the Analytical Active Worm Propagation (AAWP) model, which characterizes the propagation of worms that employ random scanning, and extends the AAWP model to understand the spread of worms that employ local subnet scanning.
Throttling viruses: restricting propagation to defeat malicious mobile code
  • Matthew M. Williamson
  • Computer Science
    18th Annual Computer Security Applications Conference, 2002. Proceedings.
  • 2002
TLDR
A simple technique to limit the rate of connections to "new" machines that is remarkably effective at both slowing and halting virus propagation without affecting normal traffic is described.