On the race of worms, alerts, and patches

Authors:
Milan Vojnovic;Ayalvadi J. Ganesh
Affiliations:
Microsoft Research Ltd., Cambridge, UK;Microsoft Research Ltd., Cambridge, UK
Venue:
IEEE/ACM Transactions on Networking (TON)
Year:
2008

Citing 11
Cited 6

A scalable content-addressable network

Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
Chord: a scalable peer-to-peer lookup protocol for internet applications

IEEE/ACM Transactions on Networking (TON)
Pastry: Scalable, Decentralized Object Location, and Routing for Large-Scale Peer-to-Peer Systems

Middleware '01 Proceedings of the IFIP/ACM International Conference on Distributed Systems Platforms Heidelberg
Throttling Viruses: Restricting propagation to defeat malicious mobile code

ACSAC '02 Proceedings of the 18th Annual Computer Security Applications Conference
Inside the Slammer Worm

IEEE Security and Privacy
Dynamic Quarantine of Internet Worms

DSN '04 Proceedings of the 2004 International Conference on Dependable Systems and Networks
Vigilante: end-to-end containment of internet worms

Proceedings of the twentieth ACM symposium on Operating systems principles
Countering Network Worms Through Automatic Patch Generation

IEEE Security and Privacy
Planet scale software updates

Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
How to model an internetwork

INFOCOM'96 Proceedings of the Fifteenth annual joint conference of the IEEE computer and communications societies conference on The conference on computer communications - Volume 2
Coupled kermack-mckendrick models for randomly scanning and bandwidth-saturating internet worms

QoS-IP'05 Proceedings of the Third international conference on Quality of Service in Multiservice IP Networks

Deriving a closed-form expression for worm-scanning strategies

International Journal of Security and Networks
An information-theoretic view of network-aware malware attacks

IEEE Transactions on Information Forensics and Security
A survey on bio-inspired networking

Computer Networks: The International Journal of Computer and Telecommunications Networking
Characterizing internet worm infection structure

LEET'11 Proceedings of the 4th USENIX conference on Large-scale exploits and emergent threats
An adversarial evaluation of network signaling and control mechanisms

ICISC'10 Proceedings of the 13th international conference on Information security and cryptology
A Decision Support System for Placement of Intrusion Detection and Prevention Devices in Large-Scale Networks

ACM Transactions on Modeling and Computer Simulation (TOMACS)

Quantified Score

Hi-index	0.00

Visualization

Abstract

We provide an analytical framework for evaluating the performance of automatic patching systems. We use it to quantify the speed of patch or alert dissemination required for worm containment. Motivated by scalability and trust issues, we consider a hierarchical system where network hosts are organized into subnets, each containing a patch server (termed superhost). Patches are disseminated to superhosts through an overlay connecting them and, after verification, to end hosts within subnets. The analytical framework accommodates a variety of overlays through the novel abstraction of a minimum broadcast curve. It also accommodates filtering of scans across subnets. The framework provides quantitative estimates that can guide system designers in dimensioning automatic patching systems. The results are obtained mathematically and verified by simulation.