Pulse quarantine strategy of internet worm propagation: Modeling and analysis

Authors:
Yu Yao;Lei Guo;Hao Guo;Ge Yu;Fu-Xiang Gao;Xiao-Jun Tong
Affiliations:
Key Laboratory of Medical Image Computing, Northeastern University, Ministry of Education, Shenyang 110819, China and College of Information Science and Engineering, Northeastern University, Sheny ...;Key Laboratory of Medical Image Computing, Northeastern University, Ministry of Education, Shenyang 110819, China and College of Information Science and Engineering, Northeastern University, Sheny ...;Key Laboratory of Medical Image Computing, Northeastern University, Ministry of Education, Shenyang 110819, China and College of Information Science and Engineering, Northeastern University, Sheny ...;Key Laboratory of Medical Image Computing, Northeastern University, Ministry of Education, Shenyang 110819, China and College of Information Science and Engineering, Northeastern University, Sheny ...;Key Laboratory of Medical Image Computing, Northeastern University, Ministry of Education, Shenyang 110819, China and College of Information Science and Engineering, Northeastern University, Sheny ...;Department of Computer Science, Harbin Institute of Technology, Weihai, China
Venue:
Computers and Electrical Engineering
Year:
2012

Citing 7
Cited 0

Computers and epidemiology

IEEE Spectrum
Worm propagation modeling and analysis under dynamic quarantine defense

Proceedings of the 2003 ACM workshop on Rapid malcode
Worm propagation modeling and analysis based on quarantine

InfoSecu '04 Proceedings of the 3rd international conference on Information security
A hybrid intrusion detection system design for computer network security

Computers and Electrical Engineering
An intelligent intrusion detection system (IDS) for anomaly and misuse detection in computer networks

Expert Systems with Applications: An International Journal
Stability of periodic solutions for an SIS model with pulse vaccination

Mathematical and Computer Modelling: An International Journal
Theoretical examination of the pulse vaccination policy in the SIR epidemic model

Mathematical and Computer Modelling: An International Journal

Quantified Score

Hi-index	0.00

Visualization

Abstract

Worms can spread throughout the Internet very quickly and are a great security threat. Constant quarantine strategy is a defensive measure against worms, but its reliability in current imperfect intrusion detection systems is poor. A pulse quarantine strategy is thus proposed in the current study. The pulse quarantine strategy adopts a hybrid intrusion detection system with both misuse and anomaly detection. Through analysis of corresponding worm propagation models, its stability condition is obtained: when the basic reproduction number is less than one, the model is stable at its infection-free periodic equilibrium point where worms get eliminated. Numerical and simulation experiments show that constant quarantine strategy is inefficient because of its high demand on the patching rate at ''birth'', whereas the pulse quarantine strategy can lead to worm elimination with a relatively low value. As patching almost all hosts in the actual network is difficult, the pulse quarantine strategy is more effective in worm elimination.