Proceedings Article

Code red worm propagation modeling and analysis

TLDR
This paper provides a careful analysis of Code Red propagation by accounting for two factors: one is the dynamic countermeasures taken by ISPs and users; the other is the slowed-down worm infection rate, because Code Red's rampant propagation caused congestion and trouble for some routers.
Abstract
The Code Red worm incident of July 2001 has stimulated activities to model and analyze Internet worm propagation. In this paper we provide a careful analysis of Code Red propagation by accounting for two factors: one is the dynamic countermeasures taken by ISPs and users; the other is the slowed-down worm infection rate, because Code Red's rampant propagation caused congestion and trouble for some routers. Based on the classical epidemic Kermack-McKendrick model, we derive a general Internet worm model called the two-factor worm model. Simulations and numerical solutions of the two-factor worm model match the observed data of the Code Red worm better than previous models do. This model leads to a better understanding and prediction of the scale and speed of Internet worm spreading.


Citations
Proceedings Article

Countering code-injection attacks with instruction-set randomization

TL;DR: A new, general approach for safeguarding systems against any type of code-injection attack, by creating process-specific randomized instruction sets of the system executing potentially vulnerable software that can serve as a low-overhead protection mechanism, and can easily complement other mechanisms.
Proceedings Article

Modeling the spread of active worms

TL;DR: This paper presents a mathematical model, referred to as the Analytical Active Worm Propagation (AAWP) model, which characterizes the propagation of worms that employ random scanning, and extends the AAWP model to understand the spread of worms that employ local subnet scanning.
Journal Article

Model-based evaluation: from dependability to security

TL;DR: It is found that many techniques from dependability evaluation can be applied in the security domain, but that significant challenges remain, largely due to fundamental differences between the accidental nature of the faults commonly assumed in dependability evaluation and the intentional, human nature of cyber attacks.
Journal Article

An Overview of IP Flow-Based Intrusion Detection

TL;DR: The paper provides a classification of attacks and defense techniques and shows how flow-based techniques can be used to detect scans, worms, botnets and DoS attacks.
Proceedings Article

Modeling Botnet Propagation Using Time Zones.

TL;DR: A diurnal propagation model is created that uses diurnal shaping functions to capture regional variations in online vulnerable populations and lets one compare propagation rates for different botnets, and prioritize response.
References
Book

Infectious Diseases of Humans: Dynamics and Control

TL;DR: This book discusses the biology of host-microparasite associations, dynamics of acquired immunity, heterogeneity within the human community, indirectly transmitted helminths, and the ecology and genetics of hosts and parasites.
Journal Article

Fluid-based analysis of a network of AQM routers supporting TCP flows with an application to RED

TL;DR: This paper uses jump process driven Stochastic Differential Equations to model the interactions of a set of TCP flows and Active Queue Management routers in a network setting and presents a critical analysis of the RED algorithm.
Proceedings Article

How to Own the Internet in Your Spare Time

TL;DR: This work develops and evaluates several new, highly virulent possible techniques: hit-list scanning, permutation scanning, self-coordinating scanning, and use of Internet-sized hit-lists (which creates a flash worm).