The Journal of Korean Institute of Communications and Information Sciences (한국통신학회논문지)

The Korean Institute of Commucations and Information Sciences (한국통신학회)
권호 표지
DOI QR코드

DOI QR Code

Internet Worm Propagation Modeling using a Statistical Method

통계적 방법을 이용한 웜 전파 모델링

  • 우경문 (서울대학교 컴퓨터공학부 정보통신 연구실) ;
  • 김종권 (서울대학교 컴퓨터공학부)
  • Received : 2011.12.28
  • Accepted : 2012.03.09
  • Published : 2012.03.30
Download PDF
⟨ Previous Next ⟩

Abstract

An Internet worm is a self-replicating malware program which uses a computer network. As the network connectivity among computers increases, Internet worms have become widespread and are still big threats. There are many approaches to model the propagation of Internet worms such as Code Red, Nimda, and Slammer to get the insight of their behaviors and to devise possible defense methods to suppress worms' propagation activities. The influence of the network characteristics on the worm propagation has usually been modeled by medical epidemic model, named SI model, due to its simplicity and the similarity of propagation patterns. So far, SI model is still dominant and new variations of the SI model, called SI-style models, are being proposed for the modeling of new Internet worms. In this paper, we elaborate the problems of SI-style models and then propose a new accurate stochastic model using an occupancy problem.

인터넷 웜은 컴퓨터 네트워크를 이용하여 자기 자신을 자동으로 복제해서 전파하는 프로그램이다. 컴퓨터간의 네트워크 연결이 증가함에 따라 인터넷 웜은 급격해 확산되었고 큰 위협으로 남아있다. 코드 레드, 님다, 슬레머 같은 인터넷 웜의 특성과 이들의 활동을 억제하는 방법을 찾기 위해서 웜이 전파되는 특성을 연구하려는 많은 시도가 있었다. 네트워크 특징들이 인터넷 웜 전파에 미치는 영향은 모델의 간단성과 유사성 때문에 주로 의학계에서 사용되는 전염병 전파 모델을 이용하여 모델링이 되었다. 이런 의학계 모델링은 널리 사용되면서 여러 개선된 모델들이 다양하게 제안되었다. 우리는 이전의 제안된 모델들의 문제점을 분석한 후 통계적 방법을 사용하여 정확도를 높이는 새로운 방법의 웜 전파 모델링을 제안한다.

Keywords

References

  1. E. Aben, "Conficker/Conflicker/Downadup as seen from the UCSD Network Telescope," http://www.caida.org/research/security/ms08-067/conficker.xml, 2009.
  2. Phillip Porras, Hassen Saıdi, and Vinod Yegneswaran, "A Foray into Conficker's Logic and Rendezvous Points," USENIX Workshop on Large-scale Exploits and Emergent Threats (LEET), 2009
  3. Kephart J O, White S R, "Directed-graph Epidemiological Models of Computer Viruses," Proc. of the IEEE Computer Society Symposium on Research in Security and Privacy. Oakland, California, USA: IEEE Computer Society Press, 1991: 343-359.
  4. Stuart Staniford, Vern Paxson, Nicholas Weaver, "How to Own the internet in your spare time," USENIX security, 2002
  5. Piqueira JRC, Navarro BF, Monteiro LHA, "Epidemiological models applied to viruses in computer networks," journal of computer science, 2005.
  6. Dagon D, Zou CC, Lee W., "Modeling botnet propagation using time zones," In: Proc. Of the 13thAnnualNetworkandDistributedSystemSecur itySymp.(NDSS2006).2006.
  7. ChangRui Guo, ShaoHong Cai, HaiPing Zhou, DaMin Zhang, "Susceptible-Infected-Susceptible Virus Spread Model in 2-Dimension Regular Network under Local Area Control," International Conference on Networking and Digital Society, 2009.
  8. Chen Junhua, Wei Shengjun, Peng Wu, "General Worm Propagation Model for Wireless Ad Hoc Networks," International Conference on Computer Science and Information Technology, 2009.
  9. Ben-hua Guo, Shao-hong Cai, "THE SIS-BD MODEL OF COMPUTER VIRUS SPREADING ON INTERNET," Wireless Communications, Networking and Mobile Computing, 2007.
  10. Ming Liu, Lansheng Han*, Fan Hong, Mengsong Zou, "A Computer Virus Propagation Model in P2P Networks," International Workshop on Education Technology and Computer Science, 2009.
  11. Narisa Zhao, Xianfeng Zhang, "The Worm Propagation Model and Control Strategy Based on Distributed Honeynet," International Conference on Computer Science and Software Engineering, 2008.
  12. Jose R.C. Piqueira, Adolfo A. de Vasconcelos, Carlos E.C.J. Gabriel, Vanessa O. Araujo, "Dynamical models for computer viruses," Computers & Security, 2008.
  13. Jose Roberto C. Piqueira, Vanessa O. Araujo, "A modified epidemiological model for computer viruses," Applied Mathematics and Computation, 2009.
  14. Sarah H. Sellke, Ness B. Shroff, Saurabh Bagchi, "Modeling and Automated Containment of Worms," Transactions on Dependable and Secure Computing, 2008.
  15. Piet Van Mieghem, Jasmina Omic, and Robert Kooij, "Virus Spread in Networks," Transactions on Networking, 2009.
  16. Jose R. C. Piqueira and Felipe Barbosa Cesar, "Dynamical models for computer viruses Propagation," Mathematical Problems in Engineering, 2008
  17. Marc Lelarge, Jean Bolot, "A Local Mean Field Analysis of Security Investments in Networks," Proceedings of the 3rd international workshop on Economics of networked systems, 2008.
  18. Zhichao Zhu, Guohong Cao, Sencun Zhu, Supranamaya Ranjan and Antonio Nucci, "A Social Network Based Patching Scheme for Worm Containment in Cellular Networks," INFOCOM, 2009.

Cited by

  1. Propagation Models for Structural Parameters in Online Social Networks vol.15, pp.1, 2014, https://doi.org/10.7472/jksii.2014.15.1.125