Title :
Hotspots: The Root Causes of Non-Uniformity in Self-Propagating Malware
Author :
Cooke, Evan ; Mao, Morley Z. ; Jahanian, Farnam
Author_Institution :
Dept. of Electr. Eng. & Comput. Sci., Michigan Univ., Ann Arbor, MI
Abstract :
Self-propagating malware like worms and bots can dramatically impact the availability and reliability of the Internet. Techniques for the detection and mitigation of Internet threats using content prevalence and scan detectors are based on assumptions of how threats propagate. Some of these assumptions have recently been called into question by observations of huge discrepancies in the quantity of specific threats detected at different points around the Internet. We call these deviations from uniform propagation "hotspots". This paper quantifies and explains these influences on malware propagation. We then propose that hotspots can be explained by two fundamental influences on propagation: algorithmic factors and environmental factors. We use measurement data from sensors deployed at 11 locations around the Internet to demonstrate the impact of these factors on worm and bot propagation. With this understanding, we simulate the outbreak of new threats with hotspots and show how algorithmic and environmental factors reduce the visibility of distributed detectors resulting in the inability to identify new threats
Keywords :
Internet; computer crime; invasive software; Internet threat detection; algorithmic factor; bot propagation; environmental factor; malware propagation; self-propagating malware; worm propagation; Algorithm design and analysis; Computer worms; Detectors; Environmental factors; Information filtering; Information filters; Internet; Network topology; Routing; Sensor phenomena and characterization;
Conference_Titel :
Dependable Systems and Networks, 2006. DSN 2006. International Conference on
Conference_Location :
Philadelphia, PA
Print_ISBN :
0-7695-2607-1
DOI :
10.1109/DSN.2006.39
