Elements of information theory
Elements of information theory
Simulation
Observed structure of addresses in IP traffic
Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
Code-Red: a case study on the spread and victims of an internet worm
Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
How to Own the Internet in Your Spare Time
Proceedings of the 11th USENIX Security Symposium
IEEE Security and Privacy
Monitoring and early warning for internet worms
Proceedings of the 10th ACM conference on Computer and communications security
IEEE Security and Privacy
Worm Detection, Early Warning and Response Based on Local Victim Information
ACSAC '04 Proceedings of the 20th Annual Computer Security Applications Conference
A self-learning worm using importance scanning
Proceedings of the 2005 ACM workshop on Rapid malcode
Design space and analysis of worm defense strategies
ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
On the performance of internet worm scanning strategies
Performance Evaluation
Implementing and testing a virus throttle
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
On the effectiveness of distributed worm monitoring
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Optimal worm-scanning method using vulnerable-host distributions
International Journal of Security and Networks
Exploiting network structure for proactive spam mitigation
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
On the race of worms, alerts, and patches
IEEE/ACM Transactions on Networking (TON)
Peer to Peer Networks for Defense Against Internet Worms
IEEE Journal on Selected Areas in Communications
Characterizing and defending against divide-conquer-scanning worms
Computer Networks: The International Journal of Computer and Telecommunications Networking
Resilience strategies for networked malware detection and remediation
NSS'12 Proceedings of the 6th international conference on Network and System Security
Hi-index | 0.00 |
This work provides an information-theoretic view to better understand the relationships between aggregated vulnerability information viewed by attackers and a class of randomized epidemic scanning algorithms. In particular, this work investigates three aspects: 1) a network vulnerability as the nonuniform vulnerable-host distribution, 2) threats, i.e., intelligent malwares that exploit such a vulnerability, and 3) defense, i.e., challenges for fighting the threats. We first study five large data sets and observe consistent clustered vulnerable-host distributions. We then present a new metric, referred to as the nonuniformity factor, that quantifies the unevenness of a vulnerable-host distribution. This metric is essentially the Renyi information entropy that unifies the nonuniformity of a vulnerable-host distribution with different malware-scanning methods. Next, we draw a relationship between Renyi entropies and randomized epidemic scanning algorithms. We find that the infection rates of malware-scanning methods are characterized by the Renyi entropies that relate to the information bits in a nonunform vulnerable-host distribution extracted by a randomized scanning algorithm. Meanwhile, we show that a representative network-aware malware can increase the spreading speed by exactly or nearly a nonuniformity factor when compared to a random-scanning malware at an early stage of malware propagation. This quantifies that how much more rapidly the Internet can be infected at the early stage when a malware exploits an uneven vulnerable-host distribution as a network-wide vulnerability. Furthermore, we analyze the effectiveness of defense strategies on the spread of network-aware malwares. Our results demonstrate that counteracting network-aware malwares is a significant challenge for the strategies that include host-based defenses and IPv6.