In recent years, fast-spreading worms such as Code Red, Slammer, Blaster and Sasser have become one of the major threats to the security of the Internet. In order to defend against future worms, it is important to first understand how worms propagate and how different scanning strategies affect worm propagation dynamics. In this paper, we systematically model and analyze worm propagation under various scanning strategies, such as uniform scan, routing scan, hit-list scan, cooperative scan, local preference scan, sequential scan, divide-and-conquer scan and target scan. We also provide an analytical model to accurately model the Witty worm's destructive behavior. By using the same modeling framework, we reveal the underlying similarity and relationship between different worm scanning strategies. In addition, based on our simulation and analysis of Blaster worm propagation and monitoring, we provide a guideline for building a better worm monitoring infrastructure.