Introduction to Algorithms
How to Own the Internet in Your Spare Time
Proceedings of the 11th USENIX Security Symposium
Worm Origin Identification Using Random Moonwalks
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
The monitoring and early detection of internet worms
IEEE/ACM Transactions on Networking (TON)
On the performance of internet worm scanning strategies
Performance Evaluation
Effective worm detection for various scan techniques
Journal of Computer Security
Optimal worm-scanning method using vulnerable-host distributions
International Journal of Security and Networks
On the race of worms, alerts, and patches
IEEE/ACM Transactions on Networking (TON)
Automating analysis of large-scale botnet probing events
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
An Advanced Hybrid Peer-to-Peer Botnet
IEEE Transactions on Dependable and Secure Computing
Sampling strategies for epidemic-style information dissemination
IEEE/ACM Transactions on Networking (TON)
The SIC botnet lifecycle model: A step beyond traditional epidemiological models
Computer Networks: The International Journal of Computer and Telecommunications Networking
A scalable network forensics mechanism for stealthy self-propagating attacks
Computer Communications
Hi-index | 0.00 |
Internet worm infection continues to be one of top security threats and has been widely used by botnets to recruit new bots. In this work, we attempt to quantify the infection ability of individual hosts and reveal the key characteristics of the underlying topology formed by worm infection, i.e., the number of children and the generation of the worm infection family tree. Specifically, we apply probabilistic modeling methods and a sequential growth model to analyze the infection tree of a wide class of worms. Through both mathematical analysis and simulation, we find that the number of children has asymptotically a geometric distribution with parameter 0.5. As a result, on average half of infected hosts never compromise any vulnerable host, over 98% of infected hosts have no more than five children, and a small portion of infected hosts have a large number of children. We also discover that the generation follows closely a Poisson distribution and the average path length of the worm infection family tree increases approximately logarithmically with the total number of infected hosts.