Article

An initial analysis and presentation of malware exhibiting swarm-like behavior

Authors:

Fernando C. Colón Osorio,

Zachi KlopmanAuthors Info & Claims

SAC '06: Proceedings of the 2006 ACM symposium on Applied computing

Pages 323 - 329

https://doi.org/10.1145/1141277.1141356

Published: 23 April 2006 Publication History

Get Access

Abstract

The Slammer, which is currently the fastest computer worm in recorded history, was observed to infect 90 percent of all vulnerable Internets hosts within 10 minutes. Although the main action that the Slammer worm takes is a relatively unsophisticated replication of itself, it still spreads so quickly that human response was ineffective. Most proposed countermeasures strategies are based primarily on rate detection and limiting algorithms. However, such strategies are being designed and developed to effectively contain worms whose behaviors are similar to that of Slammer.In our work, we put forth the hypothesis that next generation worms will be radically different, and potentially such techniques will prove ineffective. Specifically, we propose to study a new generation of worms called "Swarm Worms", whose behavior is predicated on the concept of "emergent intelligence". Emergent Intelligence is the behavior of systems, very much like biological systems such as ants or bees, where simple local interactions of autonomous members, with simple primitive actions, gives rise to complex and intelligent global behavior. In this manuscript we will introduce the basic principles behind the idea of "Swarm Worms", as well as the basic structure required in order to be considered a "swarm worm". In addition, we will present preliminary results on the propagation speeds of one such swarm worm, called the ZachiK worm. We will show that ZachiK is capable of propagating at a rate 2 orders of magnitude faster than similar worms without swarm capabilities.

References

[1]

C. C. Zou, L. Gao, W. G., and Towsley, D. Monitoring and early warning for internet worms. In 10th ACM Conference on Computer and Communications Security, Washington, DC (October 2003).

Digital Library

Google Scholar

[2]

Liu, S., and Passino, K. Swarm intelligence: Literature overview. In Dept. of Electrical Engineering, The Ohio State University, 2015 Neil Ave., Columbus, OH 43210 (2000).

Google Scholar

[3]

Moore, D., Paxson, V., Savage, S., Shannon, C., Staniford, S., and Weaver, N. The spread of the saphire/slammer worm. Tech. rep., A joint effort of CAIDA, ICSI, Silicon Defense, UC Berkeley EECS and UC San Diego CSE, 2003.

Google Scholar

[4]

Weaver, N., Paxson, V., Staniford, S., and Cunningham, R. A taxonomy of computer worms. In Proceedings of the ACM Workshop on Rapid Malware (WORM) (2003).

Digital Library

Google Scholar

Cited By

View all

Price S(2010)Adaptive Threats and DefensesInformation Security Management Handbook, Sixth Edition, Volume 410.1201/EBK1439819029-c2(29-43)Online publication date: Sep-2010
https://doi.org/10.1201/EBK1439819029-c2
Tang YDong X(2006)AntingProceedings of the 2006 IEEE/WIC/ACM International Conference on Web Intelligence10.1109/WI.2006.42(926-932)Online publication date: 18-Dec-2006
https://dl.acm.org/doi/10.1109/WI.2006.42

Index Terms

An initial analysis and presentation of malware exhibiting swarm-like behavior

Recommendations

Correlation Analysis between Spamming Botnets and Malware Infected Hosts
SAINT '11: Proceedings of the 2011 IEEE/IPSJ International Symposium on Applications and the Internet

Many of recent cyber attacks are being launched by botnets for the purpose of carrying out large-scale cyber attacks such as spam emails, Distributed Denial of Service (DDoS), network scanning and so on. In many cases, these botnets consist of a lot of ...
The Next Malware Battleground: Recovery After Unknown Infection

Malware has become a natural aspect of Internet computing due to the imperfectness of systems that identify malware and prevent their installation. Our ability to control the volume of unwanted and malicious traffic on the Internet—the spam messages, ...
Ontology for Malware Behavior: A Core Model Proposal
WETICE '14: Proceedings of the 2014 IEEE 23rd International WETICE Conference

The ubiquity of Internet-connected devices motivates attackers to create malicious programs (malware) to exploit users and their systems. Malware detection requires a deep understanding of their possible behaviors, one that is detailed enough to tell ...

Comments

Information & Contributors

Information

Published In

SAC '06: Proceedings of the 2006 ACM symposium on Applied computing

April 2006

1967 pages

ISBN:1595931082

DOI:10.1145/1141277

Conference Chair:
Hisham M. Haddad
Kennesaw State University, Kennesaw, Georgia

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 23 April 2006

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

SAC06

Sponsor:

SIGAPP

SAC06: The 2006 ACM Symposium on Applied Computing

April 23 - 27, 2006

Dijon, France

Acceptance Rates

Overall Acceptance Rate 1,650 of 6,669 submissions, 25%

Upcoming Conference

SAC '25

Sponsor:
sigapp

The 40th ACM/SIGAPP Symposium on Applied Computing

March 31 - April 4, 2025

Catania , Italy

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
551
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 23 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Price S(2010)Adaptive Threats and DefensesInformation Security Management Handbook, Sixth Edition, Volume 410.1201/EBK1439819029-c2(29-43)Online publication date: Sep-2010
https://doi.org/10.1201/EBK1439819029-c2
Tang YDong X(2006)AntingProceedings of the 2006 IEEE/WIC/ACM International Conference on Web Intelligence10.1109/WI.2006.42(926-932)Online publication date: 18-Dec-2006
https://dl.acm.org/doi/10.1109/WI.2006.42

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Correlation Analysis between Spamming Botnets and Malware Infected Hosts

The Next Malware Battleground: Recovery After Unknown Infection

Ontology for Malware Behavior: A Core Model Proposal

Comments

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Upcoming Conference

Other Metrics

Article Metrics

Other Metrics

Cited By

Login options

Full Access

PDF

eReader

Abstract

References

Cited By

Index Terms

Recommendations

Correlation Analysis between Spamming Botnets and Malware Infected Hosts

The Next Malware Battleground: Recovery After Unknown Infection

Ontology for Malware Behavior: A Core Model Proposal

Comments

Information

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Upcoming Conference

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations