A propagation model of a vulnerability mitigation computer worm - seawave

Author

Al-Salloum, Ziyad S. ; Wolthusen, Stephen D.

Author_Institution

Inf. Security Group, R. Holloway, Univ. of London, London, UK

fYear

2011

fDate

6-8 Sept. 2011

Firstpage

347

Lastpage

352

Abstract

In this paper, we propose and analyze an analytical propagation model of a vulnerability mitigation worm (Seawave). The model takes into consideration the topology structure of enterprise networks such as switches, LANs, and backbone, proposing the first computer worm that use layer two of the OSI model as its main propagation medium. The model also addresses the worm´s communication delays due to CAM table reading (α), neighbor switch communication (β), and backbone mapping (ε). We also propose a bandwidth model to measure the traffic generated within different stages of worm propagation. Different simulations of different hierarchical topologies of enterprise networks have been driven to further evaluate and observe the defensive worm´s performance in large scale networks.

Keywords

computer network security; invasive software; local area networks; telecommunication network topology; CAM table reading; backbone mapping; backbone network; bandwidth model; enterprise network; large scale network; local area network; neighbor switch communication; seawave worm; switch network; vulnerability mitigation computer worm; worm communication delay; worm propagation model; Bandwidth; Computational modeling; Delay; Grippers; Network topology; Switches; Topology;

fLanguage

English

Publisher

ieee

Conference_Titel

Network and System Security (NSS), 2011 5th International Conference on

Conference_Location

Milan

Print_ISBN

978-1-4577-0458-1

Type

conf

DOI

10.1109/ICNSS.2011.6060028

Filename

6060028