
Strategy of fast and light-load cloud-based proactive benign worm countermeasure technology to contain worm propagation

The Journal of Supercomputing

Abstract

Benign worms have attracted wide attention in worm research because they proactively defend against worm propagation and patch susceptible hosts. In this paper, two revised Worm–Anti-Worm (WAW) models are proposed for cloud-based benign worm countermeasures. These Re-WAW models are based on the law of worm propagation and the two-factor model. The first is the cloud-based benign Re-WAW model, which aims to achieve effective worm containment. The second is the two-stage Re-WAW propagation model, which switches between proactive and passive defense strategies based on the ratio of benign worms to malicious worms. This model is intended to avoid the network congestion and other potential risks caused by the proactive scanning of benign worms. Simulation results show that the cloud-based Re-WAW model significantly improves worm propagation containment. Cloud computing technology enables rapid delivery of a massive initial population of benign worms, and the two-stage Re-WAW model gradually clears the benign worms as the malicious worms are contained.

Acknowledgements

This work is sponsored by the National Natural Science Foundation of China (Nos. 60873246 and 61173159) and the Cultivation Fund of the Key Scientific and Technical Innovation Project, Ministry of Education of China (No. 708075).

Author information

Corresponding author

Correspondence to Xufei Zheng.

About this article

Cite this article

Zheng, X., Li, T. & Fang, Y. Strategy of fast and light-load cloud-based proactive benign worm countermeasure technology to contain worm propagation. J Supercomput 62, 1451–1479 (2012). https://doi.org/10.1007/s11227-012-0812-8

  • DOI: https://doi.org/10.1007/s11227-012-0812-8
