DOI QR코드

DOI QR Code

The Analysis of Random Propagating Worms using Network Bandwidth

  • Ko, Kwang-Sun (School of Information and Communication Engineering, Sungkyunkwan University) ;
  • Jang, Hyun-Su (School of Information and Communication Engineering, Sungkyunkwan University) ;
  • Park, Byuong-Woon (School of Information and Communication Engineering, Sungkyunkwan University) ;
  • Eom, Young-Ik (School of Information and Communication Engineering, Sungkyunkwan University)
  • Received : 2010.02.27
  • Accepted : 2010.04.13
  • Published : 2010.04.29

Abstract

There is a well-defined propagation model, named the random constant spread (RCS) model, which explains worms that spread their clones with a random scanning strategy. This model uses the number of infected hosts in a domain as a factor in the worms' propagation. However, there are difficulties in explaining the characteristics of new Internet worms because they have several considerable new features: the denial of service by network saturation, the utilization of a faster scanning strategy, a smaller size in the worm's propagation packet, and to cause maximum damage before human-mediated responses are possible. Therefore, more effective factors are required instead of the number of infected hosts. In this paper, the network bandwidth usage rate is found to be an effective factor that explains the propagations of the new Internet worms with the random scanning strategy. The analysis and simulation results are presented using this factor. The simulation results show that the scan rate is more sensitive than the propagation packet for detecting worms' propagations.

Keywords

References

  1. Morris worm. http://en.wikipedia.org/wiki/Morris worm.
  2. Norman T. J. BAILEY, "The Mathematical Theory of Epidemics," Hafner Publishing Co, 1957.
  3. H.W. Hethcote, "The Mathematics of Infectious Diseases," In SIAM Review, vo.42, no.4, pp. 599-653, 2000. https://doi.org/10.1137/S0036144500371907
  4. D.M. Kienzle, M.C. Elder, "Recent worms: a survey and trends," in Proc. of the ACM Workshop on Rapid Malcode, pp.1-10, 2003.
  5. S. Qing, W. Wen, "A survey and trends on Internet worms," Computers & Security, vol.24, pp. 334-346, 2005. https://doi.org/10.1016/j.cose.2004.10.001
  6. C.C. Zou, D. Towsley, W. Gong, S. Cai, "Advanced Routing Worm and Its Security Challenges," Simulation, vol.82, no.1, pp.75-85, 2006. https://doi.org/10.1177/0037549706065344
  7. C.C. Zou, D. Towsley, W. Gong, "Modeling and Simulation Study of the Propagation and Defense of Internet Email Worm," IEEE Transactions on Dependable and Secure Computing, vol.4, no.2, pp.105-118, 2007. https://doi.org/10.1109/TDSC.2007.1001
  8. C.C. Zou, W. Gong, D. Towsley, L. Gao, "The monitoring and early detection of internet worms," IEEE/ACM Transactions on Networking (TON), vol.13, no.5, pp.961-974, 2005. https://doi.org/10.1109/TNET.2005.857113
  9. N. Provos, J. McClain, K. Wang, "Search Worms," in Proc. of the 4th ACM Workshop on Recurring Malcode, pp.1-8, 2006.
  10. D. Moore, C. Shannon, G.M. Voelker, S. Savage, "Internet Quarantine: Requirements for Containing Self-Propagating Code," in Proc. of IEEE Conference(INFOCOM 2003), 2003.
  11. S. Staniford, V. Paxson, N. Weaver, "How to Own the Internet in Your Spare Time," in Proc. of the 11th USENIX Security Symposium, pp.149-167, 2002.
  12. D. Moore, C. Shannon, "Code-Red: a Case Study on the Spread and Victims of an Internet Worm," in Proc. of the 2002 ACM SIGCOMM Internet Measurement Workshop, pp.273-284, 2002.
  13. D. Moore, V. Paxson, S. Savage, C. Shannon, S. Staniford, N. Weaver, "Inside the Slammer Worm," IEEE Security & Privacy, vol.1, no.4, 2003.
  14. J.C. Frauenthal, "Mathematical Modeling in Epidemiology," Springer-Verlag, 1980.
  15. C.C. Zou, W. Gong, D. Towsley, "Code Red Worm Propagation Modeling and Analysis," in Proc. of CCS02, 2002.
  16. CAIDA (Cooperative Association for InternetData Analysis). http://www.caida.org.
  17. IANA (Internet Assigned Numbers Authority). http://www.iana.org.
  18. The network simulator: NS-2. http://www.isi.edu/nsnam/ns.
  19. The MathWorks. http://www.mathworks.com.