Abstract
Benign worms have been attracting wide attention in the field of worm research due to the proactive defense against the worm propagation and patch for the susceptible hosts. In this paper, two revised Worm–Anti-Worm (WAW) models are proposed for cloud-based benign worm countermeasure. These Re-WAW models are based on the law of worm propagation and the two-factor model. One is the cloud-based benign Re-WAW model to achieve effective worm containment. Another is the two-stage Re-WAW propagation model, which uses proactive and passive switching defending strategy based on the ratio of benign worms to malicious worms. This model intends to avoid the network congestion and other potential risks caused by the proactive scan of benign worms. Simulation results show that the cloud-based Re-WAW model significantly improves the worm propagation containment effect. The cloud computing technology enables rapid delivery of massive initial benign worms, and the two stage Re-WAW model gradually clears off the benign worms with the containment of the malicious worms.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Eugene SH (1988) The Internet worm program: an analysis. Technical report, CSD-TR-823, pp 1–29
Seeley D (1989) A tour of the worm. In: Proceedings of USENIX technical. pp 287–304
Porras P, Saidi H, Yegneswaran V (2011) An analysis of conficker’s logic and rendezvous protocol. http://mtc.sri.com/Conficker/. Accessed 16 March 2011
Williams A (2011) The largest cloud in the world is owned by a criminal. http://www.readwriteweb.com/cloud/2010/04/the-largest-cloud-in-the-world.php. Accessed 12 April 2011
Symantec (2010) Symantec global Internet security threat report trends for 2009. Technical report, XV
Staniford S, Paxson V, Weaver N (2002) How to own the Internet in your spare time. In: Proceedings of the 11th USENIX security symposium, pp 149–167
Castaneda F, Can Sezer E, Xu J (2004) WORM vs WORM: preliminary study of an active counter-attack mechanism. In: Proceedings of the 2004 ACM workshop on rapid malcode, pp 83–93
Qing S, Wen W (2005) A survey and trends on Internet worms. Comput Secur 24:334–346. doi:10.1016/j.cose.2004.10.001
Cohen F (1987) Computer viruses: theory and experiments. Comput Secur 6(1):22–35. doi:10.1016/0167-4048(87)90122-2
Bailey NTJ (1975) The mathematical theory of infectious diseases and its applications. Hafner Press, New York
Frauenthal JC (1980) Mathematical modeling in epidemiology. Springer, New York
Anderson RM, May RM (1991) Infectious diseases of humans: dynamics and control. Oxford University Press, London
Kephart JO, White SR (1991) Directed-graph epidemiological models of computer viruses. In: Proceedings of IEEE symposium on security and privacy, pp 343–359
Kephart JO, Chess DM, White SR (1993) Computers and epidemiology. IEEE Spectr 30(5):20–26
Andersson H, Britton T (2000) Stochastic epidemic models and their statistical analysis. Springer, New York
Zou CC, Gong W, Towsley D (2002) Code red worm propagation modeling and analysis. In: Proceedings of the 9th ACM conference on computer and communications security, pp 138–147
Chen Z, Gao L, Kwiat K (2003) Modeling the spread of active worms. In: IEEE INFOCOM 2003
Piqueira JRC, Navarro BF, Monteiro LHA (2005) Epidemiological models applied to viruses in computer networks. J Comput Sci 1(1):31–34
Nicol DM (2006) The impact of stochastic variance on worm propagation and detection. In: Proceedings of the 4th ACM workshop on recurring malcode, pp 57–64. doi:10.1145/1179542.1179555
Zou CC, Towsley D, Gong W (2006) On the performance of Internet worm scanning strategies. J Perform Eval 63(7):700–723. doi:10.1016/j.peva.2005.07.032
Tanachaiwiwat S, Helmy A (2007) Modeling and analysis of worm interactions (war of the worms). In: Proceedings of BROADNETS’07, pp 649–658
Li J, Knickerbocker P (2007) Functional similarities between computer worms and biological pathogens. Comput Secur 26(4):338–347. doi:10.1016/j.cose.2006.12.002
Yuan H, Chen G (2008) Network virus-epidemic model with the point-to-group information propagation. Appl Comput Math 206(1):357–367. doi:10.1016/j.amc.2008.09.025
Piqueira JRC, Vasconcelos AA, Gabriel CECJ, Araujo VO (2008) Dynamic models for computer viruses. Comput Secur 27(7–8):355–359. doi:10.1016/j.cose.2008.07.006
Su F, Lin Z, Ma Y (2010) Modeling and analysis of Internet worm propagation. J China Univ Post Telecommun 17(4):63–68. doi:10.1016/S1005-8885(09)60489-1
Yu W, Wang X, Champion A, Xuan D, Lee D (2011) On detecting active worms with varying scan rate. Comput Commun 34(11):1269–1282. doi:10.1016/j.comcom.2010.10.014
Provos N (2010) A virtual honeypot framework. CITI technical report 03-1. http://www.citi.umich.edu/techreports/reports/citi-tr-03-1.pdf. Accessed 28 July 2010
Oudot L (2010) Fighting worms with honeypots: honeyd vs msblast, honeypots mailinglist. http://lists.insecure.org/lists/honeypots/2003/Jul-Sep/0071.htm. Accessed 11 September 2010
Berk VH, Gray RS, Bakos G (2003) Using sensor networks and data fusion for early detection of active worms. Proc SPIE 2003:92–104. doi:10.1117/12.500849
Moore D, Paxson V, Savage S, Shannon C, Staniford S, Weaver N (2003) Inside the slammer worm. IEEE Secur Priv 1(4):33–39. doi:10.1109/MSECP.2003.1219056
Zou CC, Gao L, Gong W, Towsley D (2003) Monitoring and early warning for Internet worms. In: Proceedings of the 10th ACM conference on computer and communications security, pp 190–199. doi:10.1145/948109.948136
Cheung S, Hoagland J, Levitt K, Rowe J, Staniford S et al (1999) The design of GrIDS: a graph-based intrusion detection system. Technical report, CSE-99-2. http://citeseer.nj.nec.com/cheung99design.html. Accessed 15 September 2010
Jung J, Paxson V, Berger AW, Balakrishnan H (2004) Fast portscan detection using sequential hypothesis testing. In: Proceedings of IEEE symposium on security and privacy
Cooke E, Bailey M, Jahanian F, Mortier R (2006) The dark oracle: perspective-aware unused and unreachable address. In: Proceedings of the 3rd conference on networked systems design & implementation, vol 3, pp 8
Li L, Jhi Y, Liu P, Kesidis G (2007) Evaluation of collaborative worm containment on the deter testbed. In: Proceedings of the DETER community workshop on cyber security experimentation and test
Choi Y, Li L, Liu P, Kesidis G (2010) Worm virulence estimation for the containment of local worm outbreak. Comput Secur 29:104–123. doi:10.1016/j.cose.2009.07.002
Zou CC, Gong W, Towsley D (2003) Worm propagation modeling and analysis under dynamic quarantine defense. In: Proceedings of the 2003 ACM workshop on rapid malcode, pp 51–60. doi:10.1145/948187.948197
Staniford S (2004) Containment of scanning worm in an enterprise networks. Journal of Computer Security
Liljenstam M, Nicol DM (2004) Comparing passive and active worm defenses. In: Proceedings of the quantitative evaluation of systems, first international conference, pp 18–27. doi:10.1109/QEST.2004.12
Nicol DM, Liljenstam M (2005) Models and analysis of active worm defense. In: Proceedings of the third international conference on mathematical methods, models, and architectures for computer network security, pp 38–53. doi:10.1007/11560326_4
Yang F, Duan H, Li X (2004) Modeling and analysis on the interaction between the Internet worm and anti-worm. J Sci China Ser E, Inf Sci 34(8):841–856
Wang C, Qing S, He J (2007) Anti-worm based on hybrid confronting technology. J Commun 28(1):28–34
Zhou H, Wen Y, Zhao H (2007) Modeling and analysis of active benign worms and hybrid benign worms containing the spread of worms. In: Proceedings of the sixth international conference on networking. doi:10.1109/ICN.2007.58
Toutonji O, Yoo S-M (2009) Passive benign worm propagation modeling with dynamic quarantine defense. KSII Trans Internet Inf Syst 3(1):96–107
Zhou H, Zhao H, Wen Y (2009) Modeling and analysis of divide-and-rule-hybrid-benign worms. J Comput Res Dev 46(7):1110–1116
Xiang F, Yang X (2010) Propagation modeling of peer-to-peer worms. In Proceedings of advanced information networking and applications, pp 1128–1135
Barber B (2004) Cheese worm pros and cons of “Friendly” worm. http://www.sans.org/rr/whitepapers/malicious/31.php. Accessed 16 June 2004
Kem M (2003) CRClean. http://archives.neohapsis.com/archives/vuln-dev/2001-q3/0577.html. Accessed 23 March 2003
Hexxer H (2003) CodeGreen beta release. http://online.securityfocus.com/archive/. 82/211462. Accessed 8 May 2003
Leyden J (2004) Blaster variant offers ‘fix’ for pox-ridden pcs. http://www.theregister.com/2003/08/19/blaster_variant_offer_fix/. Accessed 12 April 2004
Zheng X, Li T, Yang H (2011) A novel Cloud-based worm propagation model. J Comput Inf Syst 7(4):1082–1091
Messmer E (2004) The myth of the good worm. http://www.wormblog.com/2004/11/the_myth_of_the.html. Accessed 12 April 2004
Zhou H, Wen Y, Zhao H (2007) Passive worm propagation modeling and analysis. In: Proceedings of the international multi-conference on computing in the global information technology, pp 32–42. doi:10.1109/ICCGI.2007.48
Acknowledgements
This work is sponsored by National Natural Science Foundation of China (Nos. 60873246 and 61173159), and the Cultivation Fund of the Key Scientific and Technical Innovation Project, Ministry of Education of China (No. 708075).
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Zheng, X., Li, T. & Fang, Y. Strategy of fast and light-load cloud-based proactive benign worm countermeasure technology to contain worm propagation. J Supercomput 62, 1451–1479 (2012). https://doi.org/10.1007/s11227-012-0812-8
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11227-012-0812-8