Skip to main content
SpringerLink
Log in

Treating scalability and modelling human countermeasures against local preference worms via gradient models

  • Eicar 2008 extended version
  • Published:
Journal in Computer Virology Aims and scope Submit manuscript

Abstract

A network worm is a specific type of malicious software that self propagates by exploiting application vulnerabilities in network-connected systems. Worm propagation models are mathematical models that attempt to capture the propagation dynamics of scanning worms as a means to understand their behaviour. It turns out that the emerged scalability in worm propagation plays an important role in order to describe the propagation in a realistic way. On the other hand human-based countermeasures also drastically affect the propagation in time and space. This work elaborates on a recent propagation model (Avlonitis et al. in J Comput Virol 3, 87–92, 2007) that makes use of Partial Differential Equations in order to treat correctly scalability and non-uniform behaviour (e.g., local preference worms). The aforementioned gradient model is extended in order to take into account human-based countermeasures that influence the propagation of local-preference worms in the Internet. Certain aspects of scalability emerged in random and local preference strategies are also discussed by means of random field considerations. As a result the size of a critical network that needs to be studied in order to describe the global propagation of a scanning worm is estimated. Finally, we present simulation results that validate the proposed analytical results and demonstrate the higher propagation rate of local preference worms compared with random scanning worms.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Avlonitis M., Magkos E., Stefanidakis M., Chrissikopoulos V.: A spatial stochastic model for worm propagation: scale effects. J. Comput. Virol. 3, 87–92 (2007)

    Article  Google Scholar 

  2. Cert/c, C.: Cert advisory ca-2001-26 nimda worm (2001)

  3. Moore, D., Shannon, C., Claffy, K.C.: Code-red: a case study on the spread and victims of an internet worm. In: IMW’02: Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment, pp. 273–284. ACM, New York (2002)

  4. Moore D., Paxson V., Savage S., Shannon C., Staniford S., Weaver N.: Inside the slammer worm. IEEE Secur. Priv. 1, 33–39 (2003)

    Article  Google Scholar 

  5. Berghel H.: Malware month. Commun. ACM 46, 15–19 (2003)

    Google Scholar 

  6. Shannon C., Moore D.: The spread of the witty worm. IEEE Secur. Priv. 2, 46–50 (2004)

    Article  Google Scholar 

  7. Staniford, S., Paxson, V., Weaver, N.: How to own the internet in your spare time. In: Proceedings of the 11th USENIX Security Symposium, pp. 149–167. USENIX Association, Berkeley (2002)

  8. Zou C.C., Towsley D., Gong W., Cai S.: Advanced routing worm and its security challenges. Simul. 82, 75–85 (2006)

    Article  Google Scholar 

  9. Wu, J., V.S.G.L., Kwiat, K.: An effective architecture and algorithm for detecting worms with various scan techniques. In: 11th Annual Network and Distributed System Security Symposium (NDSS’04), San Diego (2004)

  10. Chen, Z., Chen, C., Ji, C.: Understanding localized-scanning worms. In: 26th IEEE International Performance Computing and Communications Conference, IPCCC 2007, pp. 186–193 (2007)

  11. Zou C.C., Towsley D., Gong W.: On the performance of internet worm scanning strategies. Perform. Eval. 63, 700–723 (2006)

    Article  Google Scholar 

  12. Keromytis A.D., Bellovin S.M., Cheswick B.: Worm propagation strategies in an ipv6 internet. USENIX, login 31, 70–76 (2006)

    Google Scholar 

  13. Zou C., Gong W., Towsley D., Gao L.: The monitoring and early detection of internet worms. ACM Trans. Networking 13, 961–974 (2005)

    Article  Google Scholar 

  14. Yu, W., Wang, X., Xuan, D., Lee, D.: Effective detection of active worms with varying scan rate. International Conference on Security and Privacy in Communication Networks (IEEE SecureComm), pp. 1–10 (2006)

  15. Morin B., Mé L.: Intrusion detection and virology: an analysis of differences, similarities and complementariness. J. Comput. Virol. 3, 39–49 (2007)

    Article  Google Scholar 

  16. Serazzi, G., Zanero, S.: Computer virus propagation models. In: MASCOTS Tutorials. Volume 2965 of Lecture Notes in Computer Science, pp. 26–50. Springer, Heidelberg (2003)

  17. Zou, C.C., Gong, W., Towsley, D.: Code red worm propagation modeling and analysis. In: CCS ’02: Proceedings of the 9th ACM conference on Computer and communications security, pp. 138–147. ACM, New York (2002)

  18. Anderson R.M., May R.M.: Infectious diseases of humans: dynamics and control. Oxford Science Publications, (1992)

  19. Kephart, J.O., White, S.R.: Directed-graph epidemiological models of computer viruses. In: IEEE Symposium on Security and Privacy, pp. 343–361 (1991)

  20. Onwubiko C., Lenaghan A., Hebbes L.: An improved worm mitigation model for evaluating the spread of aggressive network worms. Computer as a Tool, 2005. EUROCON 2005. Int. Conf. 2, 1710–1713 (2005)

    Article  Google Scholar 

  21. Wang, Y., Wang, C.: Modeling the effects of timing parameters on virus propagation. In: WORM ’03: Proceedings of the 2003 ACM workshop on Rapid malcode, pp. 61–66. ACM, New York (2003)

  22. Kesidis, G., Hamadeh, I., Jiwasurat, S.: Coupled kermack-mckendrick models for randomly scanning and bandwidth-saturating internet worms. In: Quality of Service in Multiservice IP Networks, Third International Workshop, QoS-IP 2005. Lecture Notes in Computer Science, vol. 3375, pp. 101–109. Springer, Heidelberg (2005)

  23. Vanmarcke E.: Random fields, analysis and synthesis. MIT Press, Cambridge (1983)

    Google Scholar 

  24. Ludwig D.J.D., Holling C.: Qualitative analysis of insect outbreak systems: The spruce budworm and forest. J. Anim. Ecol. 47, 315–332 (1978)

    Article  Google Scholar 

  25. AvlonitisM. Zaiser M.A.E.C.: Nucleation and non-linear strain localization during cyclic plastic deformation. J. Mech. Behav. Mater. 18, 69–79 (2007)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Informatics, Ionian University, Plateia Tsirigoti 7, 49100, Kerkyra, Greece

    Markos Avlonitis, Emmanouil Magkos, Michalis Stefanidakis & Vassilis Chrissikopoulos

Authors
  1. Markos Avlonitis
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Emmanouil Magkos
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Michalis Stefanidakis
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Vassilis Chrissikopoulos
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Emmanouil Magkos.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Avlonitis, M., Magkos, E., Stefanidakis, M. et al. Treating scalability and modelling human countermeasures against local preference worms via gradient models. J Comput Virol 5, 357–364 (2009). https://doi.org/10.1007/s11416-008-0099-8

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11416-008-0099-8

Keywords

Search

Navigation