Title :
Modeling and automated containment of worms
Author :
Sellke, Sarah ; Shroff, Ness B. ; Bagchi, Saurabh
Author_Institution :
Sch. of Electr. & Comput. Eng., Purdue Univ., West Lafayette, IN, USA
fDate :
28 June-1 July 2005
Abstract :
Self-propagating codes, called worms, such as Code Red, Nimda, and Slammer, have drawn significant attention due to their enormous adverse impact on the Internet. There is a great interest in the research community in modeling the spread of worms and in providing adequate defense mechanisms against them. In this paper, we present a (stochastic) branching process model for characterizing the propagation of Internet worms. This model leads to the development of an automatic worm containment strategy that prevents the spread of worms beyond its early stages. Specifically, using the branching process model, we are able to (1) provide a precise condition that determines whether the worm will eventually die out and (2) provide the probability that the total number of hosts that the worm infects will be below a certain level. We use these insights to develop a simple automatic worm containment scheme, which is demonstrated, through simulations and real trace data, to be both effective and non-intrusive.
Keywords :
Internet; invasive software; stochastic processes; Internet scanning worm; automatic worm containment; early phase propagation; stochastic branching process; Buffer overflow; Computer viruses; Computer worms; Equipment failure; Humans; IP networks; Internet; Stochastic processes; Telecommunication traffic; Web server; Internet scanning worms; automatic worm containment; branching process model; early phase propagation; stochastic worm modeling;
Conference_Titel :
Dependable Systems and Networks, 2005. DSN 2005. Proceedings. International Conference on
Print_ISBN :
0-7695-2282-3
DOI :
10.1109/DSN.2005.66
