We study the effectiveness of automatic patching and quantify the speed of patch dissemination required for worm containment. We focus on random scanning as this is representative of current generation worms, though smarter strategies exist. We find that even such "dumb" worms require very fast patching. Our primary focus is on how delays due to worm detection and to patch generation and dissemination affect worm spread. Motivated by scalability and trust issues, we consider a hierarchical system where network hosts are partitioned into subnets, each containing a patch server (termed superhost). Patches are disseminated to superhosts through an overlay connecting them and, after verification, to end hosts within subnets. When patch dissemination delay on the overlay is negligible, we find that the number of hosts infected is exponential in the ratio of worm infection rate to patch rate. This implies strong constraints on the time to disseminate, verify and install patches in order for patching to be effective. We also provide bounds that account for alert or patch dissemination delay. Finally, we evaluate the use of filtering in combination with patching and show that it can substantially improve worm containment. The results accommodate a variety of overlays through a novel abstraction, the minimum broadcast curve. They demonstrate that effective automatic patching is feasible if combined with mechanisms to bound worm scan rate and with careful engineering of the patch dissemination. The results are obtained analytically and verified by simulations.