A Comparative Evaluation of Anomaly Detectors under Portscan Attacks
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
Accelerating the Propagation of Active Worms by Employing Multiple Target Discovery Techniques
NPC '08 Proceedings of the IFIP International Conference on Network and Parallel Computing
Defending against the propagation of active worms
The Journal of Supercomputing
Modeling the propagation of Peer-to-Peer worms
Future Generation Computer Systems
Modeling the spread of internet worms via persistently unpatched hosts
MILCOM'06 Proceedings of the 2006 IEEE conference on Military communications
Accuracy improving guidelines for network anomaly detection systems
Journal in Computer Virology
Pandora: a platform for worm simulations in mobile ad-hoc networks
ACM SIGMOBILE Mobile Computing and Communications Review
Joint network-host based malware detection using information-theoretic tools
Journal in Computer Virology
The probability model of peer-to-peer botnet propagation
ICA3PP'11 Proceedings of the 11th international conference on Algorithms and architectures for parallel processing - Volume Part I
Self-propagating codes, called worms, such as Code Red, Nimda, and Slammer, have drawn significant attention due to their enormous adverse impact on the Internet. There is great interest in the research community in modeling the spread of worms and in providing adequate defense mechanisms against them. In this paper, we present a (stochastic) branching process model for characterizing the propagation of Internet worms. This model leads to the development of an automatic worm containment strategy that prevents the spread of worms beyond their early stages. Specifically, using the branching process model, we are able to (1) provide a precise condition that determines whether the worm will eventually die out and (2) provide the probability that the total number of hosts that the worm infects will be below a certain level. We use these insights to develop a simple automatic worm containment scheme, which is demonstrated, through simulations and real trace data, to be both effective and non-intrusive.