Code red worm propagation modeling and analysis
Proceedings of the 9th ACM conference on Computer and communications security
How to Own the Internet in Your Spare Time
Proceedings of the 11th USENIX Security Symposium
IEEE Security and Privacy
Simulating realistic network worm traffic for worm warning system design and testing
Proceedings of the 2003 ACM workshop on Rapid malcode
Worm propagation modeling and analysis under dynamic quarantine defense
Proceedings of the 2003 ACM workshop on Rapid malcode
Toward understanding distributed blackhole placement
Proceedings of the 2004 ACM workshop on Rapid malcode
Preliminary results using scale-down to explore worm dynamics
Proceedings of the 2004 ACM workshop on Rapid malcode
Very fast containment of scanning worms
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Coupled kermack-mckendrick models for randomly scanning and bandwidth-saturating internet worms
QoS-IP'05 Proceedings of the Third international conference on Quality of Service in Multiservice IP Networks
Network Control and Optimization
A simple reputation model for BitTorrent-like incentives
GameNets'09 Proceedings of the First ICST international conference on Game Theory for Networks
A taxonomy of biologically inspired research in computer networking
Computer Networks: The International Journal of Computer and Telecommunications Networking
A survey on bio-inspired networking
Computer Networks: The International Journal of Computer and Telecommunications Networking
Toward early warning against Internet worms based on critical-sized networks
Security and Communication Networks
Hi-index | 0.00 |
We present a simple, deterministic mathematical model for the spread of randomly scanning and bandwidth-saturating Internet worms. Such worms include Slammer and Witty, both of which spread extremely rapidly. Our model, consisting of coupled Kermack-McKendrick (a.k.a. stratified susceptibles-infectives (SI)) equations, captures both the measured scanning activity of the worm and the network limitation of its spread, that is, the effective scan-rate per worm/infective. The Internet is modeled as an ideal core network to which each peripheral (e.g., enterprise) network is connected via a single access link. It is further assumed in this note that as soon as a single end-system in the peripheral network is infected by the worm, the subsequent scanning of the rest of the Internet saturates the access link, that is, there is “instant” saturation. We fit our model to available data for the Slammer worm and demonstrate the model's ability to accurately represent Slammer's total scan-rate to the core.