Code red worm propagation modeling and analysis
Proceedings of the 9th ACM conference on Computer and communications security
Code-Red: a case study on the spread and victims of an internet worm
Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
IPv6 Initiatives Within the European National Research and Education Networks (NRENs)
SAINT-W '03 Proceedings of the 2003 Symposium on Applications and the Internet Workshops (SAINT'03 Workshops)
Proceedings of the 2004 ACM workshop on Rapid malcode
Proceedings of the 2004 ACM workshop on Rapid malcode
Worm Origin Identification Using Random Moonwalks
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Detecting mass-mailing worm infected hosts by mining DNS traffic data
Proceedings of the 2005 ACM SIGCOMM workshop on Mining network data
The monitoring and early detection of internet worms
IEEE/ACM Transactions on Networking (TON)
Proceedings of the 2005 ACM workshop on Rapid malcode
A self-learning worm using importance scanning
Proceedings of the 2005 ACM workshop on Rapid malcode
Defending against hitlist worms using network address space randomization
Proceedings of the 2005 ACM workshop on Rapid malcode
A note on the spread of worms in scale-free networks
IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics
Realizing the transition to IPv6
IEEE Communications Magazine
A new worm exploiting IPv6 and IPv4-IPv6 dual-stack networks
IEEE Network: The Magazine of Global Internetworking
Hi-index | 0.00 |
It is commonly believed that the IPv6 protocol can provide good protection against network worms due to its huge address space. However, it is proved to be incorrect by our study on the new "dual-stack worm" which can spread in IPv4-IPv6 dual-stack networks. It is found in this paper that the dual-stack worm can collect the IPv6 addresses of all running hosts on the link-local quickly and effectively, which may result in accelerated worm spreading on the IPv6 link-locals. This worm applies a two-level scanning mechanism to find its targets in dual-stack networks, which is investigated by exploring its similarity to the self-replicating behaviors of biological viruses. Based on the ideas of classifying the population into different species or patches, we categorized all vulnerable hosts into two species and separated all dual-stack hosts into several patches to model the propagation of this worm by differential equations. Simulation is performed to validate the worm propagation model and to study the propagation of the worm in various dual-stack networks with different patch parameters. The simulation results show that the worm is able to spread much faster in IPv4-IPv6 dual-stack network than that in the pure IPv4 Internet. It is also noted that the dual-stack links may influence the propagation of the worm in the Internet