Title :
Understanding Localized-Scanning Worms
Author :
Chen, Zesheng ; Chen, Chao ; Ji, Chuanyi
Author_Institution :
Sch. of Electr. & Comput. Eng., Georgia Inst. of Technol., Atlanta, GA
Abstract :
Localized scanning is a simple technique used by attackers to search for vulnerable hosts. Localized scanning trades off between the local and the global search of vulnerable hosts and has been used by Code Red II and Ninida worms. As such a strategy is so simple yet effective in attacking the Internet, it is important that defenders understand the spreading ability and behaviors of localized-scanning worms. In this work, we first characterize the relationships between vulnerable-host distributions and the spread of localized-scanning worms through mathematical modeling and analysis, and compare random scanning with localized scanning. We then design an optimal localized-scanning strategy, which provides an upper bound on the spreading speed of localized-scanning self-propagating codes. Furthermore, we construct three variants of localized scanning. Specifically, the feedback localized scanning and the ping-pong localized scanning adapt the scanning methods based on the feedback from the probed host, and thus spread faster than the original localized scanning and meanwhile have a smaller variance.
Keywords :
Internet; telecommunication security; Code Red II; Internet; Ninida worms; feedback localized scanning; localized-scanning self-propagating codes; localized-scanning worms; random scanning; vulnerable-host distributions; Application software; Chaos; Computer worms; Costs; Feedback; IP networks; Internet; Mathematical model; Operating systems; Upper bound;
Conference_Titel :
Performance, Computing, and Communications Conference, 2007. IPCCC 2007. IEEE Internationa
Conference_Location :
New Orleans, LA
Print_ISBN :
1-4244-1138-6
Electronic_ISBN :
1097-2641
DOI :
10.1109/PCCC.2007.358894
