Self-Disciplinary Worms and Countermeasures: Modeling and Analysis

@article{Yu2010SelfDisciplinaryWA,
  title={Self-Disciplinary Worms and Countermeasures: Modeling and Analysis},
  author={Wei Yu and Nan Zhang and Xinwen Fu and Wei Zhao},
  journal={IEEE Transactions on Parallel and Distributed Systems},
  year={2010},
  volume={21},
  pages={1501-1514}
}
  • Wei Yu, Nan Zhang, +1 author W. Zhao
  • Published 2010
  • Computer Science
  • IEEE Transactions on Parallel and Distributed Systems
In this paper, we address issues related to the modeling, analysis, and countermeasures of worm attacks on the Internet. Most previous work assumed that a worm always propagates itself at the highest possible speed. Some newly developed worms (e.g., “Atak” worm) contradict this assumption by deliberately reducing the propagation speed in order to avoid detection. As such, we study a new class of worms, referred to as self-disciplinary worms. These worms adapt their propagation patterns in order…
Evolution of Widely Spreading Worms and Countermeasures
TLDR
This chapter analyzes the first few steps of the interaction between a worm propagator and its defender, and proposes defensive methodology and techniques that can effectively defend against newly evolved worms in the future.
Exploring Worm Behaviors using DTW
TLDR
A dynamic host-based worm categorization approach to segregate worms is proposed; it indicates that worm samples exhibit different behavior according to their infection and anti-detection vectors.
Computer Network Worms Propagation and its Defence Mechanisms: A Survey
Information security is one of the major concerns for military, government, civil and commercial organizations and security risk has been immensely raised on the internet access. Self-duplicating,…
A stochastic worm model
TLDR
A (stochastic) continuous-time Markov chain model for characterizing the propagation of Internet worms is presented and the underlying similarity and relationship between uniform scanning and local preference scanning worms is revealed.
A Study on Recent Worms Classification and Defense Mechanisms
In recent years, the number of people using the Internet and network services is increasing day by day. Due to the rapid increase in the speed as well as the number of users over the Internet, the…
Game theory and network security: Economic incentives and barriers
Nowadays, the Internet and computer networks play an increasing role in our modern society. However, we also witness new types of security and privacy incidents such as the propagation of malware,…
Stability analysis of VEISV propagation modeling for network worm attack
In this paper, we propose VEISV (vulnerable – exposed – infectious – secured – vulnerable) network worm attack model, which is appropriate for measuring the effects of security countermeasures on…
H2P: A Novel Model to Study the Propagation of Modern Hybrid Worm in Hierarchical Networks
TLDR
An analytical Hierarchical-Hybrid Propagation (H2P) model for characterizing worm propagation is presented, and it is shown that the model achieves a greater accuracy in characterizing the propagation of modern hybrid worms.
Modeling and analysis of gradual hybrid anti-worm
The gradual hybrid anti-worm (GHAW) was presented. It changed its confrontation scheme in real time according to the percentage of vulnerable hosts present in the network. For GHAW, its process of…
Detection of traditional and new types of Malware using Host-based detection scheme
TLDR
Many traditional and new types of worms are discussed, including C-worms (camouflaging worms, so named because of their self-propagating and hiding nature).

References

SHOWING 1-10 OF 66 REFERENCES
Worm propagation modeling and analysis under dynamic quarantine defense
TLDR
The analysis shows that the dynamic quarantine can reduce a worm's propagation speed, which can give precious time to fight against a worm before it is too late, and will raise a worm's epidemic threshold, thus it will reduce the chance for a worm to spread out.
Understanding Divide-Conquer-Scanning Worms
TLDR
It is found that if vulnerable hosts follow a non-uniform distribution such as the Witty-worm victim distribution, divide-conquer scanning can spread a worm much faster than random scanning.
Modeling the spread of active worms
  • Zesheng Chen, L. Gao, K. Kwiat
  • Computer Science
  • IEEE INFOCOM 2003. Twenty-second Annual Joint Conference of the IEEE Computer and Communications Societies (IEEE Cat. No.03CH37428)
  • 2003
TLDR
This paper presents a mathematical model, referred to as the Analytical Active Worm Propagation (AAWP) model, which characterizes the propagation of worms that employ random scanning, and extends the AAWP model to understand the spread of worms that employ local subnet scanning.
Worm origin identification using random moonwalks
We propose a novel technique that can determine both the host responsible for originating a propagating worm attack and the set of attack flows that make up the initial stages of the attack tree via…
Botnet Tracking: Exploring a Root-Cause Methodology to Prevent Distributed Denial-of-Service Attacks
TLDR
This paper presents an approach to (distributed) DoS attack prevention that is based on the observation that coordinated automated activity by many hosts needs a mechanism to remotely control them and shows that this method can be realized in the Internet by describing how it infiltrated and tracked IRC-based botnets.
Worm detection, early warning and response based on local victim information
TLDR
A simple two-phase local worm victim detection algorithm, DSC (Destination-Source Correlation), is proposed based on worm behavior in terms of both infection pattern and scanning pattern, which can detect zero-day scanning worms with a high detection rate and very low false positive rate.
Code-Red: a case study on the spread and victims of an internet worm
TLDR
The experience of the Code-Red worm demonstrates that wide-spread vulnerabilities in Internet hosts can be exploited quickly and dramatically, and that techniques other than host patching are required to mitigate Internet worms.
The monitoring and early detection of Internet worms
TLDR
This paper presents an Internet worm monitoring system, and presents a "trend detection" methodology to detect a worm at its early propagation stage by using Kalman filter estimation, which is robust to background noise in the monitored data.
Code red worm propagation modeling and analysis
TLDR
This paper provides a careful analysis of Code Red propagation by accounting for two factors: one is the dynamic countermeasures taken by ISPs and users; the other is the slowed down worm infection rate because Code Red rampant propagation caused congestion and troubles to some routers.
Distributed Evasive Scan Techniques and Countermeasures
Scan detection and suppression methods are an important means for preventing the disclosure of network information to attackers. However, despite the importance of limiting the information obtained…