Propagation modeling and analysis of network worm attack
Article No.: 48, Pages 1 - 4
Abstract
Building a realistic model for a network defense system against a worm attack is vital to better understand the effects of a worm attack on network assets and functionality. Traditional epidemic worm modeling does not take into consideration the real network topology or network actual defense measures.
This paper proposes a computer worm model considering countermeasures and analyzes the stability of the model. The proposed VEISV (vulnerable, exposed, infected, secured, and vulnerable) multi-malware worm model is appropriate for realistic up-to-date security countermeasure implementation, and the model takes into consideration the accurate positions for hosts' replacements and hosts out-of-service in state transactions. Furthermore, initial simulation results show the positive impact of increasing security measures on a worm propagation wave. Additionally, confirmation of stability points is under development by using phase plot.
Supplementary Material
Supplemental material. (a48-toutonji_slides.pdf)
- Download
- 323.21 KB
References
[1]
F. Brauer, C. C. Chavez, Mathematical Models in Population Biology and Epidemiology. New York: Springer-Verlag, 2000, ch.7.
[2]
Y. Takeuchi, Y. Iwasa, K. Sato, Mathematics for Life Science and Medicine. New York: Springer-Verlag, 2007, ch.1.
[3]
E. Skoudis, L. Zeltser, Malware: Fighting Malicious Code. New Jersey: Prentice Hall-Verlag, 2004, ch.3.
[4]
X. Z. Li, L. L. Zhou, "Global stability of an SEIR epidemic model with vertical transmission and saturating contact rate," Chaos Solitons and Fractals, vol. 40, pp. 874--884, August. 2007.
[5]
G. Li, J. Zhen, "Global stability of an SEI epidemic model with general contact rate," Chaos Solitons and Fractals, vol. 23, pp. 997--1004, Jun. 2004.
[6]
B. K. Mishra, N. Jha, "Fixed period of temporary immunity after run of anti-malicious software on computer nodes," Applied Mathematics and Computation, vol. 190, pp. 1207--1212, February. 2007.
[7]
B. K. Mishra, N. Jha, "SEIQRS model for the transmission of malicious objects in computer network," Applied Mathematics Modeling, vol. 34, pp. 1207--1212, June. 2009.
[8]
N. Yi Mishra, et al., "Analysis and control of an SEIR epidemic system with nonlinear transmission rate," Mathematics and computer Modeling, vol. 50, pp. 1498--1513, July. 2009.
[9]
C. Sun, et al., "Global stability for an special SEIR epidemic model with nonlinear incidence rates," Chaos Solitons and Fractals, vol. 33, pp. 290--297, December. 2005.
[10]
H. Yuan, G. Chen, "Network virus-epidemic model with the point --to-group information propagation," Applied Mathematics and Computation, vol. 206, pp. 357--367, September. 2008.
[11]
F. Wang, et al., "stability analysis of SEIQV epidemic model for rapid spreading worms," Computers and Security. Oct. 2009.
[12]
C. C. Zou et al., "Code Red Worm Propagation Modeling and Analysis," 9th ACM Symp. on Computer and Communication Security, pp. 138--147, Washington, DC, 2002.
[13]
H. Zhou, al et, "Passive Worm Propagation Modeling and Analysis," Proc. IEEE Int'l Conf. on Computing in the Global Information Technology, Guadeloupe, French Caribbean, pp. 32, March. 2007.
[14]
H. Zhou, al et, "Modeling and Analysis of Active Benign Worms and Hybrid Benign Worms Containing the spread of Worms," Proc. IEEE Int'l Conf. on Networking, pp. 65, 2007.
[15]
Y. Jin, al et, "An SIRS model with a nonlinear incidence rate," Chaos Solitons and Fractals, vol. 34, pp. 1482--1497, December. 2007.
[16]
J. Kim, al et, "Cost Optimization in SIS model of worm infection," ETRI Journal, vol. 28, no. 5, pp. 1482--1497, 2006.
[17]
D. Moore, al et, "Internet Quarantine: Requirements for Containing Self-Propagating Code," IEEE INFOCOM, San Francisco, vol. 3, pp. 1901--1910, Mar--Apr. 2003.
[18]
O. Toutonji and S. M. Yoo, "Passive Benign Worm Propagation Modeling with Dynamic Quarantine Defense," KSII Transactions on Internet and Information Systems, vol. 3, no. 1, pp. 96--107, Feb. 2009.
Index Terms
- Propagation modeling and analysis of network worm attack
Recommendations
Code red worm propagation modeling and analysis
CCS '02: Proceedings of the 9th ACM conference on Computer and communications securityThe Code Red worm incident of July 2001 has stimulated activities to model and analyze Internet worm propagation. In this paper we provide a careful analysis of Code Red propagation by accounting for two factors: one is the dynamic countermeasures taken ...
Effective worm detection for various scan techniques
In recent years, the threats and damages caused by active worms have become more and more serious. In order to reduce the loss caused by fast-spreading active worms, an effective detection mechanism to quickly detect worms is desired. In this paper, we ...
Modeling and Analysis of Patching Structured Benign Worms Countering against Worms
ICVRV '14: Proceedings of the 2014 International Conference on Virtual Reality and VisualizationDue to the active defense of benign worms against the damage imposed by worms, benign worms have been paid enough attention by network security researchers. This paper presents patching structured benign worms, and we designed their deployment and work ...
Comments
Information & Contributors
Information
Published In
April 2010
257 pages
ISBN:9781450300179
DOI:10.1145/1852666
Copyright © 2010 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 21 April 2010
Check for updates
Author Tags
Qualifiers
- Research-article
Conference
CSIIRW '10
CSIIRW '10: Annual Cyber Security and Information Intelligence Research Workshop
April 21 - 23, 2010
Tennessee, Oak Ridge, USA
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 344Total Downloads
- Downloads (Last 12 months)1
- Downloads (Last 6 weeks)0
Reflects downloads up to 03 Oct 2024
Other Metrics
Citations
View Options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in