On July 19, 2001, more than 359,000 computers connected to the Internet were infected with the Code-Red (CRv2) worm in less than 14 hours. The cost of this epidemic, including subsequent strains of Code-Red, is estimated to be in excess of $2.6 billion. Despite the global damage caused by this attack, there have been few serious attempts to characterize the spread of the worm, partly due to the challenge of collecting global information about worms. Using a technique that enables global detection of worm spread, we collected and analyzed data over a period of 45 days beginning July 2nd, 2001 to determine the characteristics of the spread of Code-Red throughout the Internet.

In this paper, we describe the methodology we use to trace the spread of Code-Red, and then describe the results of our trace analyses. We first detail the spread of the Code-Red and CodeRedII worms in terms of infection and deactivation rates. Even without being optimized for spread of infection, Code-Red infection rates peaked at over 2,000 hosts per minute. We then examine the properties of the infected host population, including geographic location, weekly and diurnal time effects, top-level domains, and ISPs. We demonstrate that the worm was an international event and that infection activity exhibited time-of-day effects, and we found that, although most attention focused on large corporations, the Code-Red worm primarily preyed upon home and small business users. We also qualified the effects of DHCP on measurements of infected hosts and determined that IP addresses are not an accurate measure of the spread of a worm on timescales longer than 24 hours. Finally, the experience of the Code-Red worm demonstrates that widespread vulnerabilities in Internet hosts can be exploited quickly and dramatically, and that techniques other than host patching are required to mitigate Internet worms.