Abstract
One of the worst threats in an enterprise network is the propagation of “scanning malware” (e.g., scanning worms and bots). It is important to prevent such malware from spreading within an enterprise network, and especially important to hold an outbreak to fewer than a few infected hosts. We estimated the timing at which containment software must block scanning malware in a homogeneous enterprise network. The “combinatorics proliferation model” developed in this study, which is based on discrete mathematics, derives a threshold: the number of packets sent by a victim that must not be exceeded in order to keep the number of infected hosts below a few. This model can appropriately express the early state in which an infection has just started. The results from our model agree very well with the results of computer simulation using a typical existing scanning malware and an actual network.
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Omote, K., Shimoyama, T., Torii, S. (2008). Timing to Block Scanning Malwares by Using Combinatorics Proliferation Model. In: Filipe, J., Obaidat, M.S. (eds) E-business and Telecommunications. ICETE 2007. Communications in Computer and Information Science, vol 23. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-88653-2_9
DOI: https://doi.org/10.1007/978-3-540-88653-2_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-88652-5
Online ISBN: 978-3-540-88653-2
eBook Packages: Computer Science (R0)