Code red worm propagation modeling and analysis
Proceedings of the 9th ACM conference on Computer and communications security
Code-Red: a case study on the spread and victims of an internet worm
Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
Throttling Viruses: Restricting propagation to defeat malicious mobile code
ACSAC '02 Proceedings of the 18th Annual Computer Security Applications Conference
A Mixed Abstraction Level Simulation Model of Large-Scale Internet Worm Infestations
MASCOTS '02 Proceedings of the 10th IEEE International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunications Systems
IEEE Security and Privacy
Simulating realistic network worm traffic for worm warning system design and testing
Proceedings of the 2003 ACM workshop on Rapid malcode
Hi-index | 0.00 |
When worms self replicate, their probe traffic increases the network load. It is known that some "bandwidth-limited" worms such as Slammer spread so rapidly that they impede their own progress by congesting the network. Existing worm epidemic models do not take into consideration the phenomenon of network congestion acting naturally to slow down the epidemic rate. In this paper, we present a new epidemic model, the community of households with limited inter-household bandwidths (COH-LIHB), which we believe is the first model to account for limited network capacity and its impact on the spreading rate of a random scanning worm. In addition to explaining the natural dampening effect of network congestion, we use the new model to study the effectiveness of active defenses, namely dynamic quarantine and rate limiting, which artificially restrict the bandwidth available to worm traffic. The COHLIHB model is applied to the specific example of a Slammer-like worm to show how the combination of quarantine and rate throttling hypothetically could have been effective in suppressing the Slammer outbreak.