• DocumentCode
    2880698
  • Title

    A Behaviour Study of Network-Aware Stealthy Worms

  • Author

    Smith, Craig ; Matrawy, Ashraf

  • Author_Institution
    Dept. of Syst. & Comput. Eng., Carleton Univ., Ottawa, ON, Canada
  • fYear
    2009
  • fDate
    14-18 June 2009
  • Firstpage
    1
  • Lastpage
    5
  • Abstract
    This paper examines the general behaviour of stealthy worms. In particular, we focus on worms that are designed based on network awareness. We study the case where a worm, instead of aiming to spread as fast as possible and penetrate intrusion detection systems (IDS), aims to avoid IDS and spread with the minimum number of detections. We compare different scanning strategies for this worm, including different combinations of hitlist and random scanning, and how they affect the number of infections and the rate of detected infection attempts. We compare the network-aware worm´s behavior to that of the Code Red II worm. Simulations show that scanning worms can generate many fewer detections using localized scanning while maintaining its capability to infect.
  • Keywords
    invasive software; Code Red II worm; intrusion detection systems; network awareness; network-aware stealthy worms; Communications Society; Computer networks; Computer worms; Cryptography; Intrusion detection; Peer to peer computing; Routing; Systems engineering and theory; Telecommunication traffic; Traffic control;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Communications, 2009. ICC '09. IEEE International Conference on
  • Conference_Location
    Dresden
  • ISSN
    1938-1883
  • Print_ISBN
    978-1-4244-3435-0
  • Electronic_ISBN
    1938-1883
  • Type

    conf

  • DOI
    10.1109/ICC.2009.5198577
  • Filename
    5198577
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=2880698