Exact Modeling of Propagation for Permutation-Scanning Worms

Modeling worm propagation has been an important research subject in the Internet-worm research community. An accurate analytical propagation model allows us to study the spreading speed and traffic pattern of a worm under an arbitrary set of worm/network parameters, which is often computationally too intensive for simulations. More importantly, it gives us an insight into the impact of each worm/network parameter on the propagation of the worm and the effectiveness of a potential defense mechanism that is designed to control some of those parameters. Traditionally, most modeling work in the area concentrates on the relatively simple random-scanning worms. However, worm technologies have advanced rapidly in recent years. By enabling close coordination among all infected hosts, the permutation-scanning worms minimize the duplication of effort when scanning the whole Internet address space. They propagate much faster, and more importantly, can be much more stealthy than the random-scanning worms. Modeling these worms, however, remains a challenge to date. This paper proposes a mathematical model that precisely characterizes the propagation patterns of the permutation-scanning worms. The analytical framework captures the interactions among all infected hosts by a series of inter-dependent differential equations, which together present the overall behavior of the worm. We use simulations to verify the numerical results from the model, and demonstrate how the model can be used to study the impact of various worm/network parameters on the propagation.