Self-adaptive Worms and Countermeasures

  • Conference paper
Stabilization, Safety, and Security of Distributed Systems (SSS 2006)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 4280)

Abstract

In this paper, we address issues related to defending against wide-spreading worms on the Internet. We study a new class of worms called self-adaptive worms. These worms dynamically adapt their propagation patterns to defensive countermeasures in order to avoid or postpone detection and eventually infect more computers. We show that existing worm detection schemes cannot effectively defend against these self-adaptive worms. To counteract these worms, we introduce a game-theoretic formulation to model the interaction between the worm propagator and the defender. We show that the effective integration of multiple defensive schemes (e.g., worm detection, forensic analysis) is critical for defending against self-adaptive worms. We propose different combinations of defensive schemes for different kinds of self-adaptive worms, and evaluate the performance of the defensive schemes based on real-world traffic traces.

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Yu, W., Zhang, N., Zhao, W. (2006). Self-adaptive Worms and Countermeasures. In: Datta, A.K., Gradinariu, M. (eds) Stabilization, Safety, and Security of Distributed Systems. SSS 2006. Lecture Notes in Computer Science, vol 4280. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-49823-0_38

  • DOI: https://doi.org/10.1007/978-3-540-49823-0_38

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-49018-0

  • Online ISBN: 978-3-540-49823-0

  • eBook Packages: Computer Science, Computer Science (R0)
