Modeling and analysis of gradual hybrid anti-worm

Jun-qun Li; Zheng Qin; Lu Ou; O. Salman; A. X. Liu; Jin-min Yang

doi:10.1007/s11771-011-0941-x

Journal of Central South University ›› 2011, Vol. 18 ›› Issue (6) : 2050 -2055. DOI: 10.1007/s11771-011-0941-x

Article

Modeling and analysis of gradual hybrid anti-worm

Author information +

History +

PDF

Abstract

The gradual hybrid anti-worm (GHAW) was presented. It changed its confrontation scheme in real time according to the percentage of vulnerable hosts present in the network. For GHAW, its process of countering malicious internet worms was modeled. The performance of GHAW on two factors was also estimated: confronting validity against worms and consumption of network resources. Factors governing its performance, specifically the transformation threshold and the transformation rate, were analyzed. The simulation experiments show that GHAW has dynamical adaptability to changes of network conditions and offers the same level of effectiveness on confronting internet worms as the divide-and-rule hybrid anti-worm, with significantly less cost to network resources. The experiments also indicate that the transformation threshold is the key factor affecting the performance of GHAW.

Keywords

network security / internet worm / anti-worm / vulnerable host / propagation model

Cite this article

Download citation ▾

Jun-qun Li, Zheng Qin, Lu Ou, O. Salman, A. X. Liu, Jin-min Yang. Modeling and analysis of gradual hybrid anti-worm. Journal of Central South University, 2011, 18(6): 2050-2055 DOI:10.1007/s11771-011-0941-x

登录浏览全文

4963

注册一个新账户忘记密码

References

Publishing order | Descend order by publishing year | Descend order by cited within

[1]	KienzleD. M., ElderM. C.. Recent worms: A survey and trends [C]. STANIFORD S. Proc of the ACM CCS Workshop on Rapid Malcode, 2003, New York, ACM: 1-10

[2]	StanifordS., MooreD., PaxsonV., WeaverN.. The top speed of flash worm [C]. Proc of the 2004 ACM Workshop on Rapid Malcode, 2004, New York, ACM: 33-42

[3]	MooreD., ShannonC., BrownJ.. Code-red: A case study on the spread and victims of an Internet worm [C]. Proc of the 2nd ACM SIGCOMM Workshop on Internet Measurement, 2002, New York, ACM: 273-284

[4]	MooreD., PaxsonV., SavageS., ShannonC., StanifordS., WeaverN.. Inside the slammer worm [J]. IEEE Magazine of Security and Privacy, 2003, 1(4): 33-39

[5]	WenW.-p., QingS.-h., JiangJ.-chun.. Research and development of internet worms [J]. Journal of Software, 2004, 15(8): 1208-1219

[6]	BuT., ChenA.-y., WielS. V., WooT.. Design and evaluation of a fast and robust worm detection algorithm [C]. Proc of IEEE INFOCOM2006, 2006, Piscataway, IEEE: 169-180

[7]	JiangX.-x., BuchholzF., WaltersA., XuD.-y., WangY.-m., SpaffordE. H.. Tracing worm break-in and contaminations via process coloring: A provenance-preserving approach [J]. IEEE Transactions on Parallel and Distributed Systems, 2008, 19(7): 890-902

[8]	YuW., ZhangN., FuX.-w., ZhaoWei.. Self-disciplinary worms and countermeasures: Modeling and analysis [J]. IEEE Transactions on Parallel and Distributed Systems, 2010, 21(10): 1501-1514

[9]	WuD., LongD.-y., WangC.-j., GuanZ.-peng.. Modeling and analysis of worm and killer-worm propagation using the divide-and-conquer strategy [C]. Proc of the 6th International Conference on Algorithms and Architecture for Parallel Processing, 2005, Berlin, Springer: 370-375

[10]	CastanedF., SezerC. E., XuJun.. WORM vs. WORM: Preliminary study of an active counter-attack mechanism [C]. Proc of the 2004 ACM Workshop on Rapid Malcode, 2004, New York, ACM: 83-93

[11]	WangC., QingS.-h., HeJ.-bo.. Anti-worm based on hybrid confronting technology [J]. Journal on Communications, 2007, 28(1): 28-34

[12]	ZhouH.-x., ZhaoH., WenY.-you.. Modeling and analysis of divide-and-rule-hybrid-benign worms [J]. Journal of Computer Research and Development, 2009, 46(7): 1110-1116

[13]	LiuQ., ZhengQ.-h., GuanX.-h., ChenX.-q., CaiZ.-min.. Modeling and analysis of worm propagation in IPV6 networks [J]. Chinese Journal of Computers, 2006, 29(8): 1337-1345

[14]	ChebZ.-s., GaoL.-x., KwiatK.. Modeling the spread of active worms [C]. Proc of IEEE INFOCOM 2003, 2003, Piscataway, IEEE: 1890-1900

[15]	ZouC. C., GongW.-b., TowsleyD.. Code red worm propagation modeling and analysis [C]. Proc of the ACM Conference on Computer and Communications Security, 2002, New York, ACM: 138-147

[16]	StephebsonB., SikdarB.. A quasi-species approach for modeling the dynamics of polymorphic worms [C]. Proc of IEEE INFOCOM2006, 2006, Piscataway, IEEE: 144-155

[17]	MannaP. K., ChenS.-g., RankaS.. Inside the permutation-scanning worms: Propagation modeling and analysis [J]. IEEE/ACM Transactions on Networking, 2010, 18(3): 858-870