KSII Transactions on Internet and Information Systems (TIIS)

Korean Society for Internet Information (한국인터넷정보학회)
권호 표지
DOI QR코드

DOI QR Code

Passive Benign Worm Propagation Modeling with Dynamic Quarantine Defense

  • Toutonji, Ossama (Electrical and Computer Engineering Department The University of Alabam in Huntsville) ;
  • Yoo, Seong-Moo (Electrical and Computer Engineering Department The University of Alabam in Huntsville)
  • Published : 2009.02.23
Download PDF
⟨ Previous Next ⟩

Abstract

Worm attacks can greatly distort network performance, and countering infections can exact a heavy toll on economic and technical resources. Worm modeling helps us to better understand the spread and propagation of worms through a network, and combining effective types of mitigation techniques helps prevent and mitigate the effects of worm attacks. In this paper, we propose a mathematical model which combines both dynamic quarantine and passive benign worms. This Passive Worm Dynamic Quarantine (PWDQ) model departs from previous models in that infected hosts will be recovered either by passive benign worms or quarantine measure. Computer simulation shows that the performance of our proposed model is significantly better than existing models, in terms of decreasing the number of infectious hosts and reducing the worm propagation speed.

Keywords

References

  1. P. Li, M. Salour, and X. Su, “A Survey of Internet Worm Detection and Containment,” IEEE Communications Surveys & Tutorials, vol. 10, no. 1, pp. 20-35, 1st quarter, 2008. https://doi.org/10.1109/COMST.2008.4483668
  2. E. Skoudis and L. Zeltsr, Malware, Fighting Malicious Code, Pearson Education, 2004.
  3. J. Kim, W.O. Wilson, U. Aickelin, and J. McLeod, “Cooperative Automated Worm Response and Detection ImmuNe Algorithm (CARDINAL) Inspired by T-cell Immunity and Tolerance,” Proc. Int’l Conf. on Artificial Immune Systems, LNCS 3627, Banff, Canada, 2007.
  4. J. Kim, S. Radhakrishnan, and S.K. Dhall, “Measurement and Analysis of Worm Propagation on Internet Network Topology,” Proc. Int’l Conf. on Computer Communications and Networks (ICCCN’04), pp. 495-500, Chicago, Oct. 2004.
  5. F. Castaneda, E.C. Sezer, and J. Xu, “Worm vs. Worm: Preliminary Study of an Active Counter-Attack Mechanism,” Proc. 2003 ACM Workshop on Rapid Malcode (WORM’04), pp. 83-93, Washington, DC, Oct. 2004.
  6. S.H. Selke, N.B. Shroff, and S. Bagchi, “Modeling and Automated Containment of Worms,” IEEE Trans. on Dependable and Secure Computing, vol. 5, no. 2, pp. 71-86, April 2008. https://doi.org/10.1109/TDSC.2007.70230
  7. X. Yan and Y. Zou, “Optimal Internet Worm Treatment Strategy Based on the Two-Factor Model,” ETRI Journal, vol. 30, no. 1, pp. 81-88, Feb. 2008. https://doi.org/10.4218/etrij.08.0107.0050
  8. H. Zhou, Y. Wen, and H. Zhao, “Modeling and Analysis of Active Benign Worms and Hybrid Benign Worms Containing the Spread of Worms,” Proc. IEEE Int’l Conf. on Networking (ICN’07), 2007.
  9. Z. Chen, L. Gao, and K. Kwiat, “Modeling the Spread of Active Worms,” Proc. IEEE INFOCOM, vol. 3, pp. 1890-1900, 2003.
  10. R. Dantu, J. Cangussu, and A. Yelimeli, “Dynamic Control of Worm Propagation,” Proc. Int’l Conf. Information Technology: Coding and Computing (ITCC), 2004.
  11. J. Kim, S. Radhakrishnan, and J. Jang, “Cost Optimization in SIS Model of Worm Infection,” ETRI Journal, vol. 28, no. 5, pp. 692-695, 2006. https://doi.org/10.4218/etrij.06.0206.0026
  12. F. Wang, Y. Zhang, and J. Ma, “Modeling and Analysis of a Self-Learning Worm Based on Good Point Set Scanning,” Wireless Communications and Mobile Computing, Early View, Nov. 2008.
  13. D. Moore, C. Shannon, and J. Brown, “Code Red: a Case Study on the Spread and Victims of an Internet Worm,” Proc. 2nd ACM SIGCOMM Workshop on Internet Measurement, Marseille, France, Nov. 2002.
  14. D. Moore, V. Paxson, S. Savage, C. Shannon, S. Staniford,, and N. Weaver, “Inside the Slammer Worm,” IEEE Magazine of Security and Privacy, vol. 1, no. 4, pp. 33-39, 2003.
  15. D. J. Daley and J. Gani, Epidemic Modeling: An Introduction, Cambridge, Studies in Mathematical Biology, 2001.
  16. C.C. Zou, W. Gong, and D. Towsley, “Code Red Worm Propagation Modeling and Analysis,” 9th ACM Symp. on Computer and Communication Security, pp. 138-147, Washington DC, 2002.
  17. S. Staniford, V. Paxson, and W. Weaver, “How to Own the Internet in Your Spare Time,” 11th Usenix Security Symposium, San Francisco, Aug. 2002.
  18. J.O. Kephart, D.M. Chess, and S.R. White, “Computers and Epidemiology,” IEEE Spectrum, vol. 30, no. 5, pp. 20-26, 1993.
  19. D. Moore, C. Shannon, G. M. Voelker, and S. Savage, “Internet Quarantine: Requirements for Containing Self-Propagating Code,” Proc. IEEE INFOCOM, San Franciso, vol. 3, pp. 1901-1910, Mar.-Apr. 2003.
  20. C.C. Zou, W. Gong, and D. Towsley, “Worm Propagation Modeling and Analysis under Dynamic Quarantine Defense,” Proc. 2003 ACM Workshop on Rapid Malcode (WORM’03), Washington, DC, Oct. 2003.
  21. H. Zhou, Y. Wen, and H. Zhao, “Passive Worm Propagation Modeling and Analysis,” Proc. IEEE Int’l Conf. on Computing in the Global Information Technology, Guadelope, French Caribbean, pp. 32, Mar. 2007.

Cited by

  1. Stability analysis of a SEIQV epidemic model for rapid spreading worms vol.29, pp.4, 2010, https://doi.org/10.1016/j.cose.2009.10.002
  2. Discrete-Time Simulation Method for Worm Propagation Model with Pulse Quarantine Strategy vol.15, pp.None, 2009, https://doi.org/10.1016/j.proeng.2011.08.781
  3. Strategy of fast and light-load cloud-based proactive benign worm countermeasure technology to contain worm propagation vol.62, pp.3, 2012, https://doi.org/10.1007/s11227-012-0812-8
  4. Packet Payload Monitoring for Internet Worm Content Detection Using Deterministic Finite Automaton with Delayed Dictionary Compression vol.2014, pp.None, 2009, https://doi.org/10.1155/2014/206867
  5. Spread and Control of Mobile Benign Worm Based on Two-Stage Repairing Mechanism vol.2014, pp.None, 2009, https://doi.org/10.1155/2014/746803
  6. Influence of removable devices on worm propagation under pulse quarantine strategy vol.22, pp.4, 2016, https://doi.org/10.1080/10798587.2016.1152768
  7. Malware Propagation and Prevention Model for Time-Varying Community Networks within Software Defined Networks vol.2017, pp.None, 2009, https://doi.org/10.1155/2017/2910310
  8. Impulsive Switching Epidemic Model with Benign Worm Defense and Quarantine Strategy vol.2020, pp.None, 2020, https://doi.org/10.1155/2020/3578390
  9. Dynamics and Control of Worm Epidemic Based on Mobile Networks by SEIQR-Type Model with Saturated Incidence Rate vol.2021, pp.None, 2009, https://doi.org/10.1155/2021/6637263