Abstract
A network worm is a specific type of malicious software that self propagates by exploiting application vulnerabilities in network-connected systems. Worm propagation models are mathematical models that attempt to capture the propagation dynamics of scanning worms as a means to understand their behaviour. It turns out that the emerged scalability in worm propagation plays an important role in order to describe the propagation in a realistic way. On the other hand human-based countermeasures also drastically affect the propagation in time and space. This work elaborates on a recent propagation model (Avlonitis et al. in J Comput Virol 3, 87–92, 2007) that makes use of Partial Differential Equations in order to treat correctly scalability and non-uniform behaviour (e.g., local preference worms). The aforementioned gradient model is extended in order to take into account human-based countermeasures that influence the propagation of local-preference worms in the Internet. Certain aspects of scalability emerged in random and local preference strategies are also discussed by means of random field considerations. As a result the size of a critical network that needs to be studied in order to describe the global propagation of a scanning worm is estimated. Finally, we present simulation results that validate the proposed analytical results and demonstrate the higher propagation rate of local preference worms compared with random scanning worms.
Similar content being viewed by others
References
Avlonitis M., Magkos E., Stefanidakis M., Chrissikopoulos V.: A spatial stochastic model for worm propagation: scale effects. J. Comput. Virol. 3, 87–92 (2007)
Cert/c, C.: Cert advisory ca-2001-26 nimda worm (2001)
Moore, D., Shannon, C., Claffy, K.C.: Code-red: a case study on the spread and victims of an internet worm. In: IMW’02: Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment, pp. 273–284. ACM, New York (2002)
Moore D., Paxson V., Savage S., Shannon C., Staniford S., Weaver N.: Inside the slammer worm. IEEE Secur. Priv. 1, 33–39 (2003)
Berghel H.: Malware month. Commun. ACM 46, 15–19 (2003)
Shannon C., Moore D.: The spread of the witty worm. IEEE Secur. Priv. 2, 46–50 (2004)
Staniford, S., Paxson, V., Weaver, N.: How to own the internet in your spare time. In: Proceedings of the 11th USENIX Security Symposium, pp. 149–167. USENIX Association, Berkeley (2002)
Zou C.C., Towsley D., Gong W., Cai S.: Advanced routing worm and its security challenges. Simul. 82, 75–85 (2006)
Wu, J., V.S.G.L., Kwiat, K.: An effective architecture and algorithm for detecting worms with various scan techniques. In: 11th Annual Network and Distributed System Security Symposium (NDSS’04), San Diego (2004)
Chen, Z., Chen, C., Ji, C.: Understanding localized-scanning worms. In: 26th IEEE International Performance Computing and Communications Conference, IPCCC 2007, pp. 186–193 (2007)
Zou C.C., Towsley D., Gong W.: On the performance of internet worm scanning strategies. Perform. Eval. 63, 700–723 (2006)
Keromytis A.D., Bellovin S.M., Cheswick B.: Worm propagation strategies in an ipv6 internet. USENIX, login 31, 70–76 (2006)
Zou C., Gong W., Towsley D., Gao L.: The monitoring and early detection of internet worms. ACM Trans. Networking 13, 961–974 (2005)
Yu, W., Wang, X., Xuan, D., Lee, D.: Effective detection of active worms with varying scan rate. International Conference on Security and Privacy in Communication Networks (IEEE SecureComm), pp. 1–10 (2006)
Morin B., Mé L.: Intrusion detection and virology: an analysis of differences, similarities and complementariness. J. Comput. Virol. 3, 39–49 (2007)
Serazzi, G., Zanero, S.: Computer virus propagation models. In: MASCOTS Tutorials. Volume 2965 of Lecture Notes in Computer Science, pp. 26–50. Springer, Heidelberg (2003)
Zou, C.C., Gong, W., Towsley, D.: Code red worm propagation modeling and analysis. In: CCS ’02: Proceedings of the 9th ACM conference on Computer and communications security, pp. 138–147. ACM, New York (2002)
Anderson R.M., May R.M.: Infectious diseases of humans: dynamics and control. Oxford Science Publications, (1992)
Kephart, J.O., White, S.R.: Directed-graph epidemiological models of computer viruses. In: IEEE Symposium on Security and Privacy, pp. 343–361 (1991)
Onwubiko C., Lenaghan A., Hebbes L.: An improved worm mitigation model for evaluating the spread of aggressive network worms. Computer as a Tool, 2005. EUROCON 2005. Int. Conf. 2, 1710–1713 (2005)
Wang, Y., Wang, C.: Modeling the effects of timing parameters on virus propagation. In: WORM ’03: Proceedings of the 2003 ACM workshop on Rapid malcode, pp. 61–66. ACM, New York (2003)
Kesidis, G., Hamadeh, I., Jiwasurat, S.: Coupled kermack-mckendrick models for randomly scanning and bandwidth-saturating internet worms. In: Quality of Service in Multiservice IP Networks, Third International Workshop, QoS-IP 2005. Lecture Notes in Computer Science, vol. 3375, pp. 101–109. Springer, Heidelberg (2005)
Vanmarcke E.: Random fields, analysis and synthesis. MIT Press, Cambridge (1983)
Ludwig D.J.D., Holling C.: Qualitative analysis of insect outbreak systems: The spruce budworm and forest. J. Anim. Ecol. 47, 315–332 (1978)
AvlonitisM. Zaiser M.A.E.C.: Nucleation and non-linear strain localization during cyclic plastic deformation. J. Mech. Behav. Mater. 18, 69–79 (2007)
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Avlonitis, M., Magkos, E., Stefanidakis, M. et al. Treating scalability and modelling human countermeasures against local preference worms via gradient models. J Comput Virol 5, 357–364 (2009). https://doi.org/10.1007/s11416-008-0099-8
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11416-008-0099-8