A scalable content-addressable network
Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
Code red worm propagation modeling and analysis
Proceedings of the 9th ACM conference on Computer and communications security
Scalable application layer multicast
Proceedings of the 2002 conference on Applications, technologies, architectures, and protocols for computer communications
Code-Red: a case study on the spread and victims of an internet worm
Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
How to Own the Internet in Your Spare Time
Proceedings of the 11th USENIX Security Symposium
Extractors: optimal up to constant factors
Proceedings of the thirty-fifth annual ACM symposium on Theory of computing
Throttling Viruses: Restricting propagation to defeat malicious mobile code
ACSAC '02 Proceedings of the 18th Annual Computer Security Applications Conference
An Analysis of the Slapper Worm
IEEE Security and Privacy
IEEE Security and Privacy
Simulating realistic network worm traffic for worm warning system design and testing
Proceedings of the 2003 ACM workshop on Rapid malcode
Worm propagation modeling and analysis under dynamic quarantine defense
Proceedings of the 2003 ACM workshop on Rapid malcode
IEEE Security and Privacy
Proceedings of the 2004 ACM workshop on Rapid malcode
Routing Worm: A Fast, Selective Attack Worm Based on IP Address Information
Proceedings of the 19th Workshop on Principles of Advanced and Distributed Simulation
The monitoring and early detection of internet worms
IEEE/ACM Transactions on Networking (TON)
On the effectiveness of automatic patching
Proceedings of the 2005 ACM workshop on Rapid malcode
Autograph: toward automated, distributed worm signature detection
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
| Hi-index | 0.00 |
Inspired by the Flash worm paper [1], we formulate and investigate the problem of finding a fast and resilient propagation topology and propagation schedule for Flash worms and similar malcodes. Resiliency means a very large proportion of infectable targets are still infected no matter which fraction of targets are not infectable. There is an intrinsic tradeoff between speed and resiliency, since resiliency requires transmission redundancy which slows down themalcode. To investigate this problem formally, we need an analytical model. We first show that, under a moderately general analytical model, the problem of optimizing propagation time isNP-hard. This fact justifies the need for a simpler model, which we present next. In this simplified model, we present an optimal propagation topology and schedule, which is then shown by simulationto be even faster than the Flash worm. Moreover, our worm is faster even when the source has much less bandwidth capability. We also show that for every preemptive schedule there exists a nonpreemptive schedule which is just as effective. This fact greatly simplifies the optimization proble In terms of the aforementioned tradeoff, we give a propagation topology based on extractor graphs which can reduce the infection time linearly while keeping the expected number of infected nodes exponentially close to optimal.