Title :
A Quasi-Species Model for the Propagation and Containment of Polymorphic Worms
Author :
Stephenson, Bradley ; Sikdar, Biplab
Author_Institution :
Inf. Security Div., MITRE Corp., McLean, VA, USA
Abstract :
Polymorphic computer worms are characterized by their ability to change their byte sequence as they replicate and propagate, thereby aiming to thwart intrusion detection systems (IDSes). In this letter, we propose a model based on coevolution of biological quasi-species to characterize the propagation of polymorphic worms and the effect of IDSes on their dynamics. The model is used to derive the conditions required for the IDS to contain the worm. The model is validated using simulations.
Keywords :
computer crime; biological quasi-species; byte sequence; coevolution; polymorphic computer worms; thwart intrusion detection systems; Biological system modeling; Computational modeling; Grippers; Hamming distance; Mathematical model; Modeling; Strain; Network security; computer virus and worms; modeling techniques.;
Journal_Title :
Computers, IEEE Transactions on
