Abstract
We present a simple, deterministic mathematical model for the spread of randomly scanning and bandwidth-saturating Internet worms. Such worms include Slammer and Witty, both of which spread extremely rapidly. Our model, consisting of coupled Kermack-McKendrick equations, captures both the measured scanning activity of the worm and the network limitation of its spread, i.e., the effective scan-rate per worm/infective. We fit our model to available data for the Slammer worm and demonstrate its ability to accurately represent Slammer’s total scan-rate to the core.
This work is supported by both the NSF and DHS of the United States under NSF grant number 0335241.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Chen, Z., Gao, L., Kwait, K.: Modeling the spread of active worms. In: Proc. IEEE INFOCOM, San Francisco (2003)
Cooke, E., Bailey, M., Mao, Z.M., Watson, D., Jahanian, F., McPherson, D.: Toward understanding distributed blackhole placement. In: Proc. ACM WORM, Washington, DC, October 29 (2004)
Daley, D.J., Gani, J.: Epidemic modeling, an introduction. Cambridge University Press, Cambridge (1999)
DETER project URL: http://www.isi.edu/deter
EMIST project URL: http://emist.ist.psu.edu
Moore, D., Shannon, C., Voelker, G.M., Savage, S.: Internet Quarantine: Requirements for Containing Self-Propagating Code. In: Proc. IEEE INFOCOM, San Francisco (2003)
Moore, D., Paxson, V., Savage, S., Shannon, C., Staniford, S., Weaver, N.: Inside the Slammer worm. IEEE Security and Privacy (2004), http://www.computer.org/security/v1n4/j4wea.htm
Liljenstam, M., Nicol, D.M., Berk, V.H., Gray, R.S.: Simulating Realistic Network Worm Traffic for Worm Warning System Design and Testing. In: Proc. ACM WORM, Washington, DC (October 2003)
Staniford, S., Paxson, V., Weaver, N.: How to own the Internet in your spare time. In: Proc. USENIX Security Symposium, August 2002, pp. 149–167 (2002)
Weaver, N., Hamadeh, I., Kesidis, G., Paxson, V.: Preliminary results using scale-down using scale-down to explore worm dynamics. In: Proc. ACM WORM, Washington, DC, October 29 (2004)
Weaver, N., Staniford, S., Paxson, V.: Very Fast Containment of Scanning Worms. In: Proc. 13th USENIX Security Symposium (August 2004)
Zou, C.C., Gong, W., Towsley, D.: Code red worm propagation modeling and analysis. In: Proc. 9th ACM Conference on Computer and Communication Security (CCS 2002), Washington, DC (November 2002)
Zou, C.C., Gong, W., Towsley, D.: Worm propagation modeling and analysis under dynamic quarantine defense. In: Proc. ACM WORM, Washington, DC (October 2003)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kesidis, G., Hamadeh, I., Jiwasurat, S. (2005). Coupled Kermack-McKendrick Models for Randomly Scanning and Bandwidth-Saturating Internet Worms. In: Ajmone Marsan, M., Bianchi, G., Listanti, M., Meo, M. (eds) Quality of Service in Multiservice IP Networks. QoS-IP 2004. Lecture Notes in Computer Science, vol 3375. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30573-6_8
Download citation
DOI: https://doi.org/10.1007/978-3-540-30573-6_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-24557-5
Online ISBN: 978-3-540-30573-6
eBook Packages: Computer ScienceComputer Science (R0)