• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.3 no.1
• /
• pp.96-107
• /
• 2009

Worm attacks can greatly distort network performance, and countering infections can exact a heavy toll on economic and technical resources. Worm modeling helps us to better understand the spread and propagation of worms through a network, and combining effective types of mitigation techniques helps prevent and mitigate the effects of worm attacks. In this paper, we propose a mathematical model which combines both dynamic quarantine and passive benign worms. This Passive Worm Dynamic Quarantine (PWDQ) model departs from previous models in that infected hosts will be recovered either by passive benign worms or quarantine measure. Computer simulation shows that the performance of our proposed model is significantly better than existing models, in terms of decreasing the number of infectious hosts and reducing the worm propagation speed.

• Journal of Information Processing Systems
• /
• v.5 no.1
• /
• pp.33-40
• /
• 2009

Ever since the network-based malicious code commonly known as a 'worm' surfaced in the early part of the 1980's, its prevalence has grown more and more. The RCS (Random Constant Spreading) worm has become a dominant, malicious virus in recent computer networking circles. The worm retards the availability of an overall network by exhausting resources such as CPU capacity, network peripherals and transfer bandwidth, causing damage to an uninfected system as well as an infected system. The generation and spreading cycle of these worms progress rapidly. The existing studies to counter malicious code have studied the Microscopic Model for detecting worm generation based on some specific pattern or sign of attack, thus preventing its spread by countering the worm directly on detection. However, due to zero-day threat actualization, rapid spreading of the RCS worm and reduction of survival time, securing a security model to ensure the survivability of the network became an urgent problem that the existing solution-oriented security measures did not address. This paper analyzes the recently studied efficient dynamic network. Essentially, this paper suggests a model that dynamically controls the RCS worm using the characteristics of Power-Law and depth distribution of the delivery node, which is commonly seen in preferential growth networks. Moreover, we suggest a model that dynamically controls the spread of the worm using information about the depth distribution of delivery. We also verified via simulation that the load for each node was minimized at an optimal depth to effectively restrain the spread of the worm.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.3
• /
• pp.43-53
• /
• 2007

Internet becomes more and more popular, and most companies and institutes use web services for e-business and many other purposes. With the explosion of Internet, the occurrence of cyber terrorism has grown very rapidly. Simulation is one of the most widely used method to study internet worms. But, it is quite challenging to simulate very large-scale worm attacks because of various reasons. In this paper, we propose a hybrid modeling method for RCS(Random Constant Spreading) worm simulation. The proposed hybrid model simulates worm attacks by synchronizing modeling network and packet network. So, this model will be both detailed enough to generate realistic packet traffic, and efficient enough to model a worm spreading through the Internet. Moreover, our model have the capability of dynamic updates of the modeling parameters. Finally, we simulate the hybrid model with the CodeRed worm to show validity of our proposed model for RCS worm simulation.

• Journal of Internet Computing and Services
• /
• v.15 no.1
• /
• pp.125-134
• /
• 2014

As the social media which was simple communication media is activated on account of twitter and facebook, it's usability and importance are growing recently. Although many companies are making full use of its the capacity of information diffusion for marketing, the adverse effects of this capacity are growing. Because social network is formed and communicates based on friendships and relationships, the spreading speed of the spam and mal-ware is very swift. In this paper, we draw parameters affecting malicious data diffusion in social network environment, and compare and analyze the diffusion capacity of each parameters by propagation experiment with XSS Worm and Koobface Worm. In addition, we discuss the structural characteristics of social network environment and then proposed malicious data propagation model based on parameters affecting information diffusion. n this paper, we made up BA and HK models based on SI model, dynamic model, to conduct the experiments, and as a result of the experiments it was proved that parameters which effect on propagation of XSS Worm and Koobface Worm are clustering coefficient and closeness centrality.

• Kyungpook Mathematical Journal
• /
• v.56 no.4
• /
• pp.1191-1205
• /
• 2016

The emergence of various Internet worms, including the stand-alone Code Red worm that caused a distributed denial of service (DDoS), has prompted many studies on their propagation speed to minimize potential damages. Many studies, however, assume the same probabilities for initially infected nodes to infect each node during their propagation, which do not reflect accurate Internet worm propagation modelling. Thus, this paper analyzes how Internet worm propagation speed varies according to the number of vulnerable hosts directly connected to infected hosts as well as the link costs between infected and vulnerable hosts. A mathematical model based on centrality theory is proposed to analyze and simulate the effects of degree centrality values and closeness centrality values representing the connectivity of nodes in a large-scale network environment on Internet worm propagation speed.

• Proceedings of the Korean Society of Precision Engineering Conference
• /
• 2005.06a
• /
• pp.1893-1896
• /
• 2005

Cutting force and face roughness have the largest influence on precision of a structure or processing efficiency in cutting processing. Thus cutting force model and face roughness model are necessary for this interpretation. In this paper, tool path model and face roughness model which consider the blade number of a tool and a revolution speed of tool and workpiece in the worm processing using side milling cutter are presented. This model was used to forcast the cusp. Experimental results show that the predicted cusp coincides with experimental one.

• ETRI Journal
• /
• v.30 no.1
• /
• pp.81-88
• /
• 2008

The security threat posed by worms has steadily increased in recent years. This paper discusses the application of the optimal and sub-optimal Internet worm control via Pontryagin's maximum principle. To this end, a control variable representing the optimal treatment strategy for infectious hosts is introduced into the two-factor worm model. The numerical optimal control laws are implemented by the multiple shooting method and the sub-optimal solution is computed using genetic algorithms. Simulation results demonstrate the effectiveness of the proposed optimal and sub-optimal strategies. It also provides a theoretical interpretation of the practical experience that the maximum implementation of treatment in the early stage is critically important in controlling outbreaks of Internet worms. Furthermore, our results show that the proposed sub-optimal control can lead to performance close to the optimal control, but with much simpler strategies for long periods of time in practical use.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.3
• /
• pp.165-172
• /
• 2006

There are various threats as side effects against the growth of information technology, and malicious codes such as Internet worms may bring about confusions to upset a national backbone network. In this paper, we examine the existed spreading models and propose a new worm spreading model on Internet environment. We also predict and analyze the spreading effects of high-speed Internet worms. The proposed model leads to a better prediction of the worm spreading since various factors are considered.

• Journal of Institute of Control, Robotics and Systems
• /
• v.21 no.3
• /
• pp.250-256
• /
• 2015

We present a novel method to model the body posture of a worm for vision-based automatic monitoring and analysis. The worm considered in this study is a Caenorhabditis elegans (C. elegans), which is popularly used for research in biological science and engineering. We model the posture by an open chain of a few curved or rigid line segments, in contrast to previously published approaches wherein a large number of small rigid elements are connected for the modeling. Each link segment is represented by only two parameters: an arc angle and an arc length for a curved segment, or an orientation angle and a link length for a straight line segment. Links in the proposed method can be readily related using the Denavit-Hartenberg convention due to similarities to the kinematics of an articulated manipulator. Our method was tested with real worm images, and accurate results were obtained.

• Journal of KIISE:Computing Practices and Letters
• /
• v.14 no.5
• /
• pp.517-521
• /
• 2008

A worm is a malware that propagates quickly from host to host without any human intervention. Need of early worm detection has changed research paradigm from signature based worm detection to the behavioral based detection. To increase effectiveness of proposed solution, in this paper we present mechanism of detection and prevention of worm in distributed fashion. Furthermore, to minimize the worm destruction; upon worm detection we propagate the possible attack aleγt to neighboring nodes in secure and organized manner. Considering worm behavior, our proposed mechanism detects worm cycles and infection chains to detect the sudden change in network performance. And our model neither needs to maintain a huge database of signatures nor needs to have too much computing power, that is why it is very light and simple. So, our proposed scheme is suitable for the ubiquitous environment. Simulation results illustrate better detection and prevention which leads to the reduction of infection rate.