Code red worm propagation modeling and analysis
Proceedings of the 9th ACM conference on Computer and communications security
Code-Red: a case study on the spread and victims of an internet worm
Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
How to Own the Internet in Your Spare Time
Proceedings of the 11th USENIX Security Symposium
Monitoring and early warning for internet worms
Proceedings of the 10th ACM conference on Computer and communications security
Simulating realistic network worm traffic for worm warning system design and testing
Proceedings of the 2003 ACM workshop on Rapid malcode
Worm propagation modeling and analysis under dynamic quarantine defense
Proceedings of the 2003 ACM workshop on Rapid malcode
Simulation of Network Traffic at Coarse Timescales
Proceedings of the 19th Workshop on Principles of Advanced and Distributed Simulation
Proceedings of the second ACM workshop on Challenged networks
Encounter-based worms: Analysis and defense
Ad Hoc Networks
Containment of misinformation spread in online social networks
Proceedings of the 3rd Annual ACM Web Science Conference
Analysis of misinformation containment in online social networks
Computer Networks: The International Journal of Computer and Telecommunications Networking
A cutting-plane algorithm for solving a weighted influence interdiction problem
Computational Optimization and Applications
Hi-index | 0.00 |
The recent proliferation of Internet worms has raised questions about defensive measures. To date most techniques proposed are passive, in-so-far as they attempt to block or slow a worm, or detect and filter it. Active defenses take the battle to the worm—trying to eliminate or isolate infected hosts, and/or automatically and actively patch susceptible but as-yet-uninfected hosts, without the knowledge of the host's owner. The concept of active defenses raises important legal and ethical questions that may have inhibited consideration for general use in the Internet. However, active defense may have immediate application when confined to dedicated networks owned by an enterprise or government agency. In this paper we model the behavior and effectiveness of different active worm defenses. Using a discrete stochastic model we prove that these approaches can be strongly ordered in terms of their worm-fighting capability. Using a continuous model we consider effectiveness in terms of the number of hosts that are protected from infection, the total network bandwidth consumed by the worms and the defenses, and the peak scanning rate the network endures while the worms and defenses battle. We develop optimality results, and quantitative bounds on defense performance. Our work lays a mathematical foundation for further work in analysis of active worm defense.