Defending against the propagation of active worms

The Journal of Supercomputing

Abstract

Active worms propagate across networks by employing various target discovery techniques. The significance of target discovery techniques in shaping a worm’s propagation characteristics is derived from the life cycle of a worm. The various target discovery techniques that could be employed by active worms are discussed. It is anticipated that future active worms would employ multiple target discovery techniques simultaneously to greatly accelerate their propagation. To accelerate a worm’s propagation, the slow start phase must be shortened by letting the worm infect the first certain percentage of susceptible hosts as soon as possible. Strategies that future active worms might employ to shorten the slow start phase are studied, and their respective cost-effectiveness is assessed. A novel active defense mechanism is proposed, which could be an emerging solution to the active worm problem. Our major contributions in this article are as follows: first, we found the combination of target discovery techniques that can best accelerate the propagation of active worms; second, we proposed several strategies to shorten a worm’s slow start phase and found the cost-effective hit-list size and average size of internally generated target lists; third, we proposed a novel active defense mechanism and evaluated its effectiveness; and fourth, we proposed three novel discrete time deterministic propagation models of active worms.

Author information

Corresponding author

Correspondence to Yang Xiang.

About this article

Cite this article

Fan, X., Xiang, Y. Defending against the propagation of active worms. J Supercomput 51, 167–200 (2010). https://doi.org/10.1007/s11227-009-0283-8

  • DOI: https://doi.org/10.1007/s11227-009-0283-8
