Abstract
Worms are becoming increasingly hostile. The exponential growth of infection rates allows small outbreaks to have worldwide consequences within minutes. Moreover, the collateral damage caused by infections can cripple the entire Internet. While harmful, such behaviors have historically been short-lived. We assert the future holds much more caustic malware. Attacks based on mutation and covert propagation are likely to be ultimately more damaging and long-lasting. This assertion is supported by observations of natural systems, where similarly behaving parasites represent by far the most successful class of living creatures. This talk considers a parasite for the Internet, providing biological metaphors for its behavior and demonstrating the structure of pathogens. Through simulation, we show that even with low infection rates, a mutating pathogen will eventually infect an entire community. We posit the inevitability of such parasites and consider ways that they can be mitigated.
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Butler, K.R.B., McDaniel, P.D. (2005). Understanding Mutable Internet Pathogens, or How I Learned to Stop Worrying and Love Parasitic Behavior. In: Jajodia, S., Mazumdar, C. (eds) Information Systems Security. ICISS 2005. Lecture Notes in Computer Science, vol 3803. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11593980_3
DOI: https://doi.org/10.1007/11593980_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-30706-8
Online ISBN: 978-3-540-32422-5
eBook Packages: Computer Science, Computer Science (R0)